makss created 9 August 2010 Hello. I have a problem: someone keeps trying to break into my computer every few minutes. I am trying to block the site via Hosts, but the site keeps changing ports. Please help!
MarekM25 comment 9 August 2010 First let's see whether something is sitting on your machine. Post a log from OTL.
makss (Author) comment 10 August 2010 (edited) [log]
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-09 15:44:08 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Malwarebytes [2010-08-09 15:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010-08-09
15:43:56 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010-08-09 15:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010-08-08 19:53:10 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys [2010-08-08 19:53:10 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys [2010-08-08 19:53:10 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys [2010-08-08 19:53:10 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys [2010-08-08 19:53:10 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys [2010-08-08 19:53:10 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys [2010-08-08 19:53:10 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys [2010-08-08 19:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C [2010-08-08 19:47:27 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010-08-08 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010-08-08 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010-08-08 19:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2010-08-08 19:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2010-08-08 19:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010-08-03 15:55:22 | 000,000,000 | R--D | C] -- C:\Users\Łukasz\Virtual Machines [2010-07-26 17:09:18 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\Singularity [2010-07-17 13:15:22 | 000,000,000 
| ---D | C] -- C:\Program Files (x86)\uTorrent [2010-07-17 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\uTorrent [2010-07-16 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\BlackMirror2 [2010-07-14 00:07:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2010-07-13 12:07:06 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Desktop\Nowy folder (3) [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-08-10 14:22:50 | 008,126,464 | -HS- | M] () -- C:\Users\Łukasz\ntuser.dat [2010-08-10 14:07:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-08-10 14:07:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-08-10 14:00:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-08-10 14:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-08-10 14:00:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2010-08-10 14:00:13 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2010-08-10 13:59:08 | 006,122,661 | -H-- | M] () -- C:\Users\Łukasz\AppData\Local\IconCache.db [2010-08-10 13:58:21 | 001,187,886 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB [2010-08-09 16:45:01 | 000,000,037 | ---- | M] () -- C:\Windows\Wininit.ini [2010-08-09 16:39:20 | 000,416,139 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010-08-09 16:35:34 | 001,561,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-08-09 16:35:34 | 000,702,094 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-08-09 16:35:34 | 000,619,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-08-09 16:35:34 | 000,138,562 | ---- | M] () -- 
C:\Windows\SysNative\perfc015.dat [2010-08-09 16:35:34 | 000,108,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-08-09 16:15:07 | 000,416,139 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100809-163920.backup [2010-08-09 13:49:07 | 000,181,751 | ---- | M] () -- C:\Users\Łukasz\Desktop\1.PNG [2010-08-09 13:46:37 | 000,000,114 | ---- | M] () -- C:\Windows\YdpDict.INI [2010-08-09 13:40:27 | 000,169,761 | ---- | M] () -- C:\Users\Łukasz\Desktop\Przechwytywanie.PNG [2010-08-09 11:51:05 | 000,393,309 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100809-131257.backup [2010-08-09 11:30:01 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempya3912.html [2010-08-08 19:48:43 | 000,000,016 | ---- | M] () -- C:\Users\Łukasz\AppData\Roaming\mbsvil.dat [2010-08-08 19:47:19 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010-08-08 19:47:19 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010-08-08 19:47:19 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010-08-08 19:36:01 | 000,001,007 | ---- | M] () -- C:\Users\Łukasz\Desktop\CCleaner.lnk [2010-08-08 15:20:00 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempci4252.html [2010-08-07 16:12:31 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemphRz348.html [2010-08-07 16:12:31 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemppTP348.html [2010-08-06 13:05:38 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemptZ4792.html [2010-08-06 11:22:01 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempeg3664.html [2010-08-05 23:36:08 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempRA2320.html [2010-08-05 23:22:55 | 000,133,173 | ---- | M] () -- C:\Users\Łukasz\Desktop\mcc.jpg [2010-08-05 23:16:57 | 000,112,374 | ---- | M] () -- C:\Users\Łukasz\Desktop\bbbb.jpg [2010-08-05 23:16:29 | 
000,127,018 | ---- | M] () -- C:\Users\Łukasz\Desktop\mc.jpg [2010-08-05 23:15:50 | 000,116,863 | ---- | M] () -- C:\Users\Łukasz\Desktop\me.jpg [2010-08-05 23:15:21 | 000,192,262 | ---- | M] () -- C:\Users\Łukasz\Desktop\jac.jpg [2010-08-05 22:54:22 | 000,206,714 | ---- | M] () -- C:\Users\Łukasz\Desktop\ja.jpg [2010-08-05 15:45:17 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemplX1060.html [2010-08-05 15:45:17 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempzo1060.html [2010-08-04 22:16:34 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPD3192.html [2010-08-03 22:42:39 | 000,000,587 | ---- | M] () -- C:\Windows\win.ini [2010-08-03 20:06:00 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempff3500.html [2010-08-03 20:06:00 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempFz3500.html [2010-08-03 18:20:10 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempxN3844.html [2010-08-03 14:44:37 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempzS2032.html [2010-08-03 14:44:37 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempHb2032.html [2010-08-03 11:58:53 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempYq3292.html [2010-08-02 23:20:02 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempMH4432.html [2010-07-30 23:21:47 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempTj4216.html [2010-07-30 15:35:43 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Templc4620.html [2010-07-30 14:33:37 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempIt4108.html [2010-07-30 14:33:37 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Temppb4108.html [2010-07-30 14:32:52 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempft3756.html [2010-07-30 14:32:52 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempaf3756.html [2010-07-29 22:48:12 | 
000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempKxU788.html [2010-07-29 13:09:53 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempaV4860.html [2010-07-29 13:09:53 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempsS4860.html [2010-07-28 21:57:19 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempzq3456.html [2010-07-28 13:45:29 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempHIk384.html [2010-07-28 13:31:24 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempoe1172.html [2010-07-28 13:00:35 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempqO4332.html [2010-07-27 22:36:03 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemprwT908.html [2010-07-27 12:25:28 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempXo4360.html [2010-07-27 12:25:28 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempsw4360.html [2010-07-27 12:07:35 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempuN4980.html [2010-07-26 17:08:40 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Singularity(TM).lnk [2010-07-26 16:19:40 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempkG4744.html [2010-07-26 16:19:40 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempqQ4744.html [2010-07-26 16:18:47 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempdJ4920.html [2010-07-26 16:18:47 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempWT4920.html [2010-07-25 23:01:09 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempsO4156.html [2010-07-25 23:01:09 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempDZ4156.html [2010-07-25 19:10:57 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempex5012.html [2010-07-24 15:33:42 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempVm4780.html [2010-07-22 23:03:07 | 000,002,432 | ---- | 
M] () -- C:\Users\Łukasz\AppData\Local\TempQy4788.html [2010-07-22 14:50:42 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemphZ3288.html [2010-07-22 14:50:42 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempin3288.html [2010-07-21 20:24:03 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempAj4704.html [2010-07-20 22:41:08 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempKV4008.html [2010-07-20 21:17:36 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempjMP920.html [2010-07-20 12:01:04 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempsk4624.html [2010-07-20 12:01:04 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempZZ4624.html [2010-07-20 11:17:56 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemphwK860.html [2010-07-19 15:00:52 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempXj4168.html [2010-07-17 19:26:20 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempwS4396.html [2010-07-17 13:15:25 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-07-17 11:51:55 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPj3664.html [2010-07-16 22:25:30 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk [2010-07-16 22:06:35 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempkN2456.html [2010-07-16 12:13:25 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempxF3740.html [2010-07-15 13:38:52 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempje2440.html [2010-07-15 00:57:02 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempwj1768.html [2010-07-15 00:57:02 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempSs1768.html [2010-07-14 00:06:30 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempbu4956.html [2010-07-13 19:52:22 | 000,002,432 | ---- | M] () -- 
C:\Users\Łukasz\AppData\Local\Temprj2832.html [2010-07-13 14:17:41 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Temphy5020.html [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-09 13:49:07 | 000,181,751 | ---- | C] () -- C:\Users\Łukasz\Desktop\1.PNG [2010-08-09 13:40:27 | 000,169,761 | ---- | C] () -- C:\Users\Łukasz\Desktop\Przechwytywanie.PNG [2010-08-09 11:28:18 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempya3912.html [2010-08-09 11:14:37 | 001,187,886 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB [2010-08-08 19:53:10 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat [2010-08-08 19:53:10 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat [2010-08-08 19:53:10 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat [2010-08-08 19:53:10 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat [2010-08-08 19:53:10 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat [2010-08-08 19:53:10 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat [2010-08-08 19:53:10 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat [2010-08-08 19:53:10 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf [2010-08-08 19:53:10 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf [2010-08-08 19:53:10 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf [2010-08-08 19:53:10 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf [2010-08-08 
19:53:10 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf [2010-08-08 19:53:10 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf [2010-08-08 19:53:10 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf [2010-08-08 19:53:09 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat [2010-08-08 19:53:09 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf [2010-08-08 19:52:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini [2010-08-08 19:48:43 | 000,000,016 | ---- | C] () -- C:\Users\Łukasz\AppData\Roaming\mbsvil.dat [2010-08-08 19:47:27 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010-08-08 19:47:27 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010-08-08 15:19:23 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempci4252.html [2010-08-07 16:12:31 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemphRz348.html [2010-08-07 16:12:31 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemppTP348.html [2010-08-06 13:05:14 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemptZ4792.html [2010-08-06 11:21:43 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempeg3664.html [2010-08-05 23:22:55 | 000,133,173 | ---- | C] () -- C:\Users\Łukasz\Desktop\mcc.jpg [2010-08-05 23:16:57 | 000,112,374 | ---- | C] () -- C:\Users\Łukasz\Desktop\bbbb.jpg [2010-08-05 23:16:29 | 000,127,018 | ---- | C] () -- C:\Users\Łukasz\Desktop\mc.jpg [2010-08-05 23:15:50 | 000,116,863 | ---- | C] () -- C:\Users\Łukasz\Desktop\me.jpg [2010-08-05 23:15:21 | 000,192,262 | ---- | C] () -- C:\Users\Łukasz\Desktop\jac.jpg [2010-08-05 22:54:21 | 000,206,714 | ---- | C] () -- C:\Users\Łukasz\Desktop\ja.jpg [2010-08-05 18:47:01 | 
000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempRA2320.html [2010-08-05 15:43:12 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemplX1060.html [2010-08-05 15:43:12 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempzo1060.html [2010-08-04 22:15:18 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPD3192.html [2010-08-03 19:37:31 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempff3500.html [2010-08-03 19:37:31 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempFz3500.html [2010-08-03 18:19:51 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempxN3844.html [2010-08-03 14:44:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempzS2032.html [2010-08-03 14:44:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempHb2032.html [2010-08-03 11:57:38 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempYq3292.html [2010-08-02 16:19:49 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempMH4432.html [2010-07-30 21:11:59 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempTj4216.html [2010-07-30 15:35:18 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Templc4620.html [2010-07-30 14:33:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempIt4108.html [2010-07-30 14:33:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Temppb4108.html [2010-07-30 14:30:20 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempft3756.html [2010-07-30 14:30:20 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempaf3756.html [2010-07-29 21:52:53 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempKxU788.html [2010-07-29 10:13:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempaV4860.html [2010-07-29 10:13:47 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempsS4860.html [2010-07-28 21:11:10 | 000,002,432 | ---- 
| C] () -- C:\Users\Łukasz\AppData\Local\Tempzq3456.html [2010-07-28 13:44:56 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempHIk384.html [2010-07-28 13:09:57 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempoe1172.html [2010-07-28 12:58:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempqO4332.html [2010-07-27 17:31:31 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemprwT908.html [2010-07-27 12:09:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempXo4360.html [2010-07-27 12:09:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempsw4360.html [2010-07-27 12:07:03 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempuN4980.html [2010-07-26 17:08:40 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Singularity(TM).lnk [2010-07-26 16:19:11 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempkG4744.html [2010-07-26 16:19:11 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempqQ4744.html [2010-07-26 16:18:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempdJ4920.html [2010-07-26 16:18:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempWT4920.html [2010-07-25 22:59:46 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempsO4156.html [2010-07-25 22:59:46 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempDZ4156.html [2010-07-25 16:40:20 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempex5012.html [2010-07-24 15:14:24 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempVm4780.html [2010-07-22 23:02:33 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempQy4788.html [2010-07-22 14:07:41 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemphZ3288.html [2010-07-22 14:07:41 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempin3288.html [2010-07-21 20:23:33 | 000,002,432 | ---- | C] () -- 
C:\Users\Łukasz\AppData\Local\TempAj4704.html [2010-07-20 22:40:19 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempKV4008.html [2010-07-20 21:17:01 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempjMP920.html [2010-07-20 11:48:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempsk4624.html [2010-07-20 11:48:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempZZ4624.html [2010-07-20 10:25:41 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemphwK860.html [2010-07-19 13:31:33 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempXj4168.html [2010-07-17 19:24:55 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempwS4396.html [2010-07-17 13:15:25 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010-07-17 11:51:29 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPj3664.html [2010-07-16 22:25:30 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk [2010-07-16 16:23:05 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempkN2456.html [2010-07-16 10:22:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempxF3740.html [2010-07-15 11:59:10 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempje2440.html [2010-07-14 18:09:33 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempwj1768.html [2010-07-14 18:09:33 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempSs1768.html [2010-07-13 23:48:04 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempbu4956.html [2010-07-13 19:51:00 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Temprj2832.html [2010-07-13 10:20:16 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Temphy5020.html [2010-05-14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010-05-14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll 
[2010-05-13 22:04:34 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys [2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010-03-20 19:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI [2010-03-03 14:53:08 | 000,000,283 | ---- | C] () -- C:\Windows\Clony2.ini [2010-03-03 14:43:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-01-20 20:13:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\Tipage4.dll [2009-12-31 20:50:30 | 000,000,037 | ---- | C] () -- C:\Windows\Wininit.ini [2009-12-08 19:09:55 | 001,584,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009-11-28 16:19:27 | 000,000,114 | ---- | C] () -- C:\Windows\YdpDict.INI [2009-11-27 19:26:33 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009-11-27 19:26:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009-11-27 19:03:20 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2009-11-27 19:02:48 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2009-11-27 19:02:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2009-11-27 18:36:12 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009-11-27 18:36:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009-11-27 18:36:10 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009-11-27 18:36:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009-11-27 18:36:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009-11-27 18:36:08 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008-11-13 15:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini [color=#E56717]========== LOP Check ==========[/color] [2010-05-13 21:58:55 | 
000,000,000 | -HSD | M] -- C:\Users\Łukasz\AppData\Roaming\.# [2009-11-27 19:06:32 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\ACD Systems [2010-03-06 23:24:13 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Bioshock2 [2009-11-27 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\DAEMON Tools Lite [2010-02-24 19:57:12 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Gadu-Gadu 10 [2010-01-30 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\GHISLER [2010-02-24 20:00:08 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\ipla [2010-03-18 18:34:14 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Leadertech [2010-02-13 01:14:02 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Nokia [2009-11-27 18:16:27 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Nowe Gadu-Gadu [2010-02-24 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\OpenFM [2010-02-13 01:13:59 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\PC Suite [2010-03-20 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Prison Break [2010-07-07 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\runic games [2010-07-17 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\uTorrent [2010-03-06 12:51:50 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\Vso [2010-05-13 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\WinAVI [2010-06-30 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\XRay Engine [2010-07-02 13:13:25 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009-11-27 15:19:20 | 000,008,192 | RHS- | M] () -- 
C:\BOOTSECT.BAK [2010-08-10 14:00:13 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2010-06-12 00:27:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-06-12 00:27:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-08-10 14:00:15 | 4294,500,352 | -HS- | M] () -- C:\pagefile.sys [2010-08-09 15:23:52 | 000,000,880 | ---- | M] () -- C:\Sys_LogWin.log [2009-11-27 15:30:38 | 000,171,136 | RHS- | M] () -- C:\W7LDR [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- 
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\Windows:A6E8FA7887F538AC @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1AAB2E68 < End of report > OTL Extras logfile created on: 2010-08-10 14:22:41 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = E:\Download 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,75 Gb Total Space | 39,56 Gb Free Space | 45,09% 
Space Free | Partition Type: NTFS Drive D: | 180,84 Gb Total Space | 28,37 Gb Free Space | 15,69% Space Free | Partition Type: NTFS Drive E: | 29,50 Gb Total Space | 3,47 Gb Free Space | 11,78% Space Free | Partition Type: NTFS Drive F: | 29,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ŁUKASZ-KOMPUTER Current User Name: Łukasz Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-228064573-1868642622-381588749-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0 "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010 "{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "lvdrivers_12.10" = Pakiet sterowników: Logitech Webcam Software "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08BF6EA5-120D-462D-ADE0-912A77DBCB2E}" = Cisco Network Magic "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20 "{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64 "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3abd3909-d11f-4776-b11f-a2b68c9c958d}" = Nero 9 Trial "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R) "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Zew Prypeci [v1.6.01] "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.3 - Polish "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = 
Adobe Shockwave Player 11.5 "ALLPlayer_is1" = ALLPlayer V4.X "AudioCS" = Creative Audio Control Panel "Black Mirror 2_is1" = Black Mirror 2 "CCleaner" = CCleaner "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "ET3" = English Translator 3 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01 "Gadu-Gadu 10" = Gadu-Gadu 10 "HaaliMkx" = Haali Media Splitter "HD Tune_is1" = HD Tune 2.55 "InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full) "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "N360" = Norton 360 "Network MagicUninstall" = Network Magic "OpenAL" = OpenAL "RealAlt_is1" = Real Alternative 2.0.2 Lite "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "Runic Games Torchlight" = Torchlight "Totalcmd" = Total Commander (Remove or Repair) "UltraISO_is1" = UltraISO Premium V9.31 "uTorrent" = µTorrent "Winamp" = Winamp "WinAVI Video Converter 10.1_is1" = WinAVI Video Converter "Windows & Internet Cleaner Pro_is1" = Windows & Internet Cleaner Pro 7.50 "Xvid_is1" = Xvid 1.2.1 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-228064573-1868642622-381588749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FolderLock6" = Folder Lock "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-08-04 15:29:42 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: Movies.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a927780 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001626 
Identyfikator procesu powodującego błąd: 0x9a0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb3403aa0cc160 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\Plugins\Movies.dll Identyfikator raportu: a0c46010-9ffe-11df-a1e3-001d7d206cdd Error - 2010-08-04 15:30:38 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: Movies.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a927780 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001626 Identyfikator procesu powodującego błąd: 0x500 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340b7880ca30 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\Plugins\Movies.dll Identyfikator raportu: c24d3ea0-9ffe-11df-a1e3-001d7d206cdd Error - 2010-08-04 15:33:01 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: Movies.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a927780 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001626 Identyfikator procesu powodującego błąd: 0x394 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340bb7468d90 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu 
powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\Plugins\Movies.dll Identyfikator raportu: 1767c630-9fff-11df-a1e3-001d7d206cdd Error - 2010-08-04 15:37:20 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: Movies.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a927780 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001626 Identyfikator procesu powodującego błąd: 0x1288 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340c64b8be80 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\Plugins\Movies.dll Identyfikator raportu: b1a72ba0-9fff-11df-a1e3-001d7d206cdd Error - 2010-08-04 15:59:28 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x01401300 Identyfikator procesu powodującego błąd: 0xa04 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340c8d55a010 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: c934dda0-a002-11df-a1e3-001d7d206cdd Error - 2010-08-04 15:59:28 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa 
modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x01401300 Identyfikator procesu powodującego błąd: 0x139c Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340f8bcaf940 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: c98109a0-a002-11df-a1e3-001d7d206cdd Error - 2010-08-04 16:14:49 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Nazwa modułu powodującego błąd: CBS.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x4a927773 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002658f Identyfikator procesu powodującego błąd: 0x1070 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb340f8e253520 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Identyfikator raportu: ee2df1d0-a004-11df-a1e3-001d7d206cdd Error - 2010-08-05 08:34:37 | Computer Name = Łukasz-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. . 
Error - 2010-08-05 10:06:10 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CBS.exe, wersja: 1.4.3.0, sygnatura czasowa: 0x4b911efd Nazwa modułu powodującego błąd: movies.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x4a927780 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00001626 Identyfikator procesu powodującego błąd: 0xd9c Godzina uruchomienia aplikacji powodującej błąd: 0x01cb34a6fa741c40 Ścieżka aplikacji powodującej błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\CBS.exe Ścieżka modułu powodującego błąd: D:\jdownloader\downloads\City.Bus.Simulator.NewYork.2o1o.Full-Rip.-TPTB\TML-Studios\CityBusSimulator2010-NewYork\movies.dll Identyfikator raportu: 98cb99e0-a09a-11df-8220-001d7d206cdd Error - 2010-08-05 17:02:27 | Computer Name = Łukasz-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: ACDSee11.exe, wersja: 11.0.85.0, sygnatura czasowa: 0x48d946ca Nazwa modułu powodującego błąd: XalanMessages_1_9.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x42d59bef Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000030 Identyfikator procesu powodującego błąd: 0x11c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb34df9eb9b0c0 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe Ścieżka modułu powodującego błąd: C:\Program Files (x86)\ACD Systems\ACDSee\11.0\XalanMessages_1_9.dll Identyfikator raportu: c03211f0-a0d4-11df-b1c1-001d7d206cdd [ System Events ] Error - 2010-08-07 14:38:25 | Computer Name = Łukasz-Komputer | Source = bowser | ID = 8003 Description = Error - 2010-08-07 16:10:27 | Computer Name = Łukasz-Komputer | Source = bowser | ID = 8003 Description = Error - 2010-08-08 11:49:55 | Computer Name = Łukasz-Komputer | Source = bowser | ID = 8003 Description = Error - 2010-08-08 13:31:26 | Computer Name = Łukasz-Komputer | Source = 
Service Control Manager | ID = 7031 Description = Usługa Norton 360 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-08-08 13:31:38 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Norton 360 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-08-08 13:33:26 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Norton 360, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error - 2010-08-08 13:48:51 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Norton 360 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-08-08 13:49:04 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Norton 360 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-08-08 13:50:51 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Norton 360, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. 
Error - 2010-08-08 13:51:04 | Computer Name = Łukasz-Komputer | Source = Service Control Manager | ID = 7032 Description = Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Norton 360, ale ta akcja nie powiodła się przy następującym błędzie: %%1056.[/log]
[color="#FF0000"]//Logs go inside the [log][/log] tag. Please remember this. //Sohei[/color]
< End of report >
grzesław, comment, 10 August 2010 (edited)
Makss, mate, a word from me: I have Norton too, and I was also being attacked literally every 5-10 seconds for several days, for 1-2 hours at a time, at first from one computer (address), then I saw several addresses, and I even know why. I don't think you have much to be afraid of.
Network settings > Smart Firewall / Advanced settings > General rules, Configure [+] > Add > Block > to and from > Only the computers and sites listed below > Add > Individually, and you enter the IP address. There is also an option for how long to block; set it to 48 hours.
EDIT: You can check in the history which ports were used and, for peace of mind, block that port range in the firewall, as long as it does not conflict with anything you use.
makss (Author), comment, 11 August 2010
Aha, thanks for the information. But fortunately, for now things are quiet, with no attacks.