x-kom hosting

[Rozwiązany] Problem z wyłączaniem

hyper1pl
utworzono
utworzono

Witam, mam problem na który nie mogę nigdzie znaleźć odpowiedzi.
Kupiłem laptopa (używanego) 7 miesięcy temu. Na początku wszystko było w porządku, ale po miesiącu sprzęt zaczął wolniej chodzić, co raz dłużej się wyłączał i włączał. Po pewnym czasie musiałem już czekać 2h na wyłączenie i 30 min na włączenie, więc zrobiłem format. Wszystko było w porządku do pewnego czasu. Po 1,5 miesiącu problem się ponawiał i znów robiłem formata. I tak ze 3 razy. Ostatnio znów pojawił się ten sam problem, a robienie kolejnego formata denerwuje mnie. W czym problem? Mogę dodać, że mam laptopa firmy samsung, a działa na systemie Windows Vista Home Basic ( chyba najgorsza wersja najgorszego systemu ). Czy jest to wina systemu, czy komputera? A może jakiś wirus, którego Antywirus nie znajduje? Proszę o jak najszybszą pomoc.

Pozdrawiam :)

[color="#ff0000"]//przenoszę do Bezpieki
//raaz[/color]

Pawel9588
komentarz
komentarz

a jaki antywirusem skanowałeś?

hyper1pl
komentarz
komentarz

Microsoft Security Essentials

Nikt nie potrafi mi pomóc?

raazor90
komentarz
komentarz

Daj loga z OTL i RSIT
http://www.forumpc.pl/index.php?showtopic=104338

hyper1pl
komentarz
komentarz

[log]OTL logfile created on: 2010-08-27 21:38:56 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\kamil\Documents\download
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 28,18 Gb Free Space | 40,81% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 8,78 Gb Free Space | 12,54% Space Free | Partition Type: NTFS
Drive E: | 416,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 405,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMIL-DOM
Current User Name: kamil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-08-27 21:36:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\kamil\Documents\download\OTL.exe
PRC - [2010-08-24 19:00:46 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010-08-24 10:33:17 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Gry\Steam\Steam.exe
PRC - [2010-07-24 09:37:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-07-22 01:24:16 | 012,477,024 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-06-01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010-05-31 17:47:31 | 000,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2010-05-31 17:47:24 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-05-13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2010-05-13 16:12:40 | 000,080,256 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2010-03-25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010-03-25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009-11-24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-06-15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-02-25 09:28:20 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-06-09 00:23:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008-05-23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008-05-23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008-05-22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008-05-13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008-04-25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008-04-17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008-04-17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-03-17 11:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-21 04:34:50 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008-01-21 04:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008-01-21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008-01-21 04:34:33 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2008-01-21 04:34:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2008-01-21 04:34:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-21 04:33:22 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008-01-21 04:33:15 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:32:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2008-01-21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007-10-26 07:39:14 | 000,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2007-10-26 07:39:04 | 001,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-07-05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006-12-19 15:23:38 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006-11-02 11:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-08-27 21:36:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\kamil\Documents\download\OTL.exe
MOD - [2010-07-26 18:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2009-07-17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-06-15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-04-28 11:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll
MOD - [2009-04-23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-02-13 10:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2008-10-21 07:25:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2008-10-16 06:47:33 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2008-02-29 08:53:38 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 04:34:50 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2008-01-21 04:34:50 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2008-01-21 04:34:47 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2008-01-21 04:34:46 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008-01-21 04:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:34:35 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:34:34 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008-01-21 04:34:22 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008-01-21 04:34:22 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2008-01-21 04:34:21 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 04:34:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008-01-21 04:34:20 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008-01-21 04:34:11 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008-01-21 04:34:07 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008-01-21 04:34:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:34:05 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:34:05 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008-01-21 04:34:03 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008-01-21 04:34:03 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008-01-21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008-01-21 04:33:53 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2008-01-21 04:33:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2008-01-21 04:33:52 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008-01-21 04:33:52 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008-01-21 04:33:48 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008-01-21 04:33:47 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-21 04:33:46 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008-01-21 04:33:37 | 000,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2008-01-21 04:33:20 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-21 04:33:15 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008-01-21 04:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008-01-21 04:33:14 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-21 04:33:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008-01-21 04:32:53 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-08-24 19:00:46 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-06-02 18:31:00 | 003,594,440 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-03-25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-05-27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009-04-28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009-02-25 09:28:20 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008-11-24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008-11-24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008-05-23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008-05-23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008-05-13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008-01-21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010-07-22 02:28:58 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Gry\Zypher\zhypermu small r3\MuGuard\llck2.sys -- (LLRING0)
DRV - [2010-04-27 17:49:25 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-03-25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010-03-25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009-04-06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009-02-18 18:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009-02-10 17:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008-06-16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008-06-09 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-04-17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-05 07:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008-02-14 01:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008-01-21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 04:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008-01-21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-12-28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007-10-26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-09-13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-07-16 00:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007-07-16 00:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007-05-23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007-01-04 13:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 13:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-11-28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-19 04:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm






IE - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=CriticalDamage&utm_medium=start
IE - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.134

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-24 09:37:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-24 09:37:44 | 000,000,000 | ---D | M]

[2010-04-10 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Extensions
[2010-08-26 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions
[2010-08-04 16:29:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-27 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\DTToolbar@toolbarnet.com
[2010-07-30 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\toolbar@ask.com
[2010-04-27 17:49:40 | 000,002,055 | ---- | M] () -- C:\Users\kamil\AppData\Roaming\Mozilla\FireFox\Profiles\gmr2j1a9.default\searchplugins\daemon-search.xml
[2010-07-10 17:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-10 18:05:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-10 17:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-10 17:18:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-06-30 17:24:17 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-06-30 17:24:17 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-06-30 17:24:17 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-06-30 17:24:17 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-06-30 17:24:17 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-06-30 17:24:17 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003..\Run: [nod32] C:\Users\kamil\AppData\Local\Temp\nodqq.exe File not found
O4 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003..\Run: [Steam] D:\Gry\Steam\Steam.exe (Valve Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kamil\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\kamil\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001-04-05 13:56:50 | 000,155,648 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000-09-26 15:57:42 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-03-27 19:55:30 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,000,380 | R--- | M] () - G:\autorun.xml -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,290 | R--- | M] () - G:\autorun_de.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - G:\autorun_en.css -- [ CDFS ]
O32 - AutoRun File - [2009-08-27 20:33:44 | 000,003,300 | R--- | M] () - G:\autorun_pl.css -- [ CDFS ]
O33 - MountPoints2\{c62b9339-5214-11df-9312-001377f510d9}\Shell - "" = AutoRun
O33 - MountPoints2\{c62b9339-5214-11df-9312-001377f510d9}\Shell\AutoRun\command - "" = G:\cdstart.exe -- [2009-08-27 20:33:26 | 000,266,240 | R--- | M] ()
O33 - MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\Shell\AutoRun\command - "" = F:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\Shell\open\Command - "" = F:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{fd9cf149-1d00-11de-95d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9cf149-1d00-11de-95d8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2001-04-05 13:56:50 | 000,155,648 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]Gadu-Gadu 10[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
MsConfig - StartUpReg: [b]LightScribe Control Panel[/b] - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-24 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\kamil\Documents\The Witcher
[2010-08-24 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Local\The Witcher
[2010-08-24 12:39:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2010-08-19 19:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010-08-19 19:40:39 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\FastStone
[2010-08-19 19:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Photo Resizer
[2010-08-19 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-08-18 10:54:00 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\gtk-2.0
[2010-08-18 10:01:10 | 000,000,000 | ---D | C] -- C:\Users\kamil\.thumbnails
[2010-08-18 09:45:46 | 000,000,000 | ---D | C] -- C:\Users\kamil\.gimp-2.6
[2010-08-18 09:45:45 | 000,000,000 | ---D | C] -- C:\Users\kamil\Documents\gegl-0.0
[2010-08-18 09:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010-08-17 21:55:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-08-17 21:38:00 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Local\Google
[2010-08-17 21:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-08-17 13:20:28 | 000,080,980 | ---- | C] (BioWare Corp.) -- C:\Windows\Uninstall Jade Empire.exe
[2010-08-04 14:06:27 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010-08-01 10:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010-08-01 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\kamil\Documents\Odebrane pliki
[2010-07-31 21:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010-07-30 13:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010-07-30 13:28:08 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Local\AskToolbar
[2010-07-30 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010-07-30 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010-07-30 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\uTorrent
[2010-07-28 00:14:29 | 000,000,000 | ---D | C] -- C:\Users\kamil\Documents\download
[2010-07-20 21:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010-07-20 21:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-07-20 21:14:20 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\WinRAR
[2010-07-20 21:14:18 | 000,249,856 | ---- | C] (Alexander Roshal) -- C:\Windows\UnRAR.exe
[2010-07-20 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\Ventrilo
[2010-07-13 21:08:05 | 000,000,000 | ---D | C] -- C:\Users\kamil\.gstreamer-0.10
[2010-07-13 21:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OpenFM
[2010-07-13 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\OpenFM
[2010-07-12 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\kamil\AppData\Roaming\GetRightToGo
[2010-07-11 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\kamil\Documents\Guild Wars
[2010-07-10 17:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-07-10 17:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-07-10 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-07-08 23:59:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010-07-04 14:48:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010-06-29 17:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2006-11-24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006-11-24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-27 21:43:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-27 21:43:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-27 21:39:09 | 002,097,152 | -HS- | M] () -- C:\Users\kamil\NTUSER.DAT
[2010-08-27 21:37:07 | 000,137,021 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-08-27 21:37:07 | 000,137,021 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-08-27 20:42:35 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-08-27 20:42:35 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-08-27 19:12:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3982A897-C764-48B3-90D3-5CE2FC2D8A19}.job
[2010-08-27 12:46:40 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDDK968.html
[2010-08-27 12:46:40 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempylo968.html
[2010-08-27 12:45:49 | 000,002,379 | ---- | M] () -- C:\Users\kamil\Desktop\Skype.lnk
[2010-08-27 12:42:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-08-27 12:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-08-27 12:42:26 | 2141,831,168 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-26 22:00:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-08-26 22:00:01 | 002,516,196 | -H-- | M] () -- C:\Users\kamil\AppData\Local\IconCache.db
[2010-08-26 21:51:54 | 000,044,534 | ---- | M] () -- C:\Users\kamil\Documents\adda.jpeg
[2010-08-26 21:48:28 | 000,077,674 | ---- | M] () -- C:\Users\kamil\Documents\aga.jpeg
[2010-08-26 21:46:26 | 000,118,262 | ---- | M] () -- C:\Users\kamil\Documents\ada.jpeg
[2010-08-26 21:44:25 | 000,038,114 | ---- | M] () -- C:\Users\kamil\Documents\asa.jpeg
[2010-08-26 18:54:15 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempEP3404.html
[2010-08-26 15:56:31 | 000,524,288 | -HS- | M] () -- C:\Users\kamil\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010-08-26 15:56:31 | 000,065,536 | -HS- | M] () -- C:\Users\kamil\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010-08-25 15:45:03 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempIy5004.html
[2010-08-24 13:22:50 | 000,000,808 | ---- | M] () -- C:\Users\kamil\Desktop\launcher — skrót.lnk
[2010-08-23 16:55:41 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempmT5472.html
[2010-08-23 03:43:32 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempdw4684.html
[2010-08-23 03:43:32 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempzM4684.html
[2010-08-22 16:45:30 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010-08-19 21:31:44 | 000,024,634 | ---- | M] () -- C:\Users\kamil\Documents\WoWtest.jpg
[2010-08-19 21:31:44 | 000,008,350 | ---- | M] () -- C:\Users\kamil\.recently-used.xbel
[2010-08-19 21:20:50 | 000,023,436 | ---- | M] () -- C:\Users\kamil\Documents\WoW.jpg
[2010-08-19 21:01:49 | 000,408,587 | ---- | M] () -- C:\Users\kamil\Documents\WoW.xcf
[2010-08-19 20:06:16 | 000,360,054 | ---- | M] () -- C:\Users\kamil\Documents\kopia.jpg.bmp
[2010-08-19 19:55:20 | 000,001,687 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010-08-19 19:55:20 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010-08-19 19:40:35 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2010-08-19 14:01:51 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-08-18 09:45:34 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010-08-17 23:37:25 | 001,600,210 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-08-17 23:37:25 | 000,708,820 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-08-17 23:37:25 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-08-17 23:37:25 | 000,144,430 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-08-17 23:37:25 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-08-17 13:20:29 | 000,080,980 | ---- | M] (BioWare Corp.) -- C:\Windows\Uninstall Jade Empire.exe
[2010-08-17 13:20:29 | 000,000,619 | ---- | M] () -- C:\Users\Public\Desktop\Jade Empire.lnk
[2010-08-15 21:41:55 | 000,069,632 | ---- | M] () -- C:\Users\kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-15 10:58:32 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempWX1360.html
[2010-08-13 20:36:21 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemplQ1032.html
[2010-08-12 21:29:06 | 000,372,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-08-10 21:00:46 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPx3640.html
[2010-08-10 21:00:46 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemplL3640.html
[2010-08-08 23:45:52 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDx3124.html
[2010-08-08 23:45:52 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempIh3124.html
[2010-08-05 23:44:53 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempez1412.html
[2010-08-05 23:44:49 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempEs1412.html
[2010-08-05 23:44:27 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempBW4588.html
[2010-08-05 23:25:17 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempXp4588.html
[2010-08-05 23:23:35 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempah3576.html
[2010-08-05 18:47:19 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemprQ3576.html
[2010-08-05 15:04:29 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempbZ3836.html
[2010-08-05 15:04:28 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempyt3836.html
[2010-08-04 18:34:08 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempoU4032.html
[2010-08-04 18:34:08 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempAw4032.html
[2010-08-04 16:17:14 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempAi4032.html
[2010-08-04 15:41:18 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempzC3172.html
[2010-08-04 15:41:11 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempMl3172.html
[2010-08-04 00:46:41 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempFX1580.html
[2010-08-03 22:54:33 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempXI1580.html
[2010-08-03 20:49:14 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempUC1708.html
[2010-08-03 20:49:14 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempgn1708.html
[2010-08-03 20:31:26 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemphL1708.html
[2010-08-03 18:50:26 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempzr2748.html
[2010-08-03 18:50:12 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempub2748.html
[2010-08-03 16:20:29 | 000,000,680 | ---- | M] () -- C:\Users\kamil\AppData\Local\d3d9caps.dat
[2010-08-03 15:42:29 | 000,000,585 | ---- | M] () -- C:\Users\kamil\Desktop\Critical Damage.lnk
[2010-08-03 14:33:11 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempCC1656.html
[2010-08-03 14:05:16 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempCq1656.html
[2010-08-02 23:47:02 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempkl2268.html
[2010-08-02 23:30:17 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempFV2268.html
[2010-08-02 12:51:25 | 000,101,040 | ---- | M] () -- C:\Users\kamil\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-02 11:45:57 | 000,000,433 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010-08-02 11:41:45 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010-08-01 18:01:34 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempQN2172.html
[2010-08-01 18:01:32 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempNT2172.html
[2010-08-01 11:55:12 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010-08-01 11:55:12 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010-08-01 11:55:12 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010-08-01 11:48:54 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempvU2172.html
[2010-08-01 11:19:47 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010-08-01 09:49:03 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempBo1592.html
[2010-08-01 09:49:02 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Temppx1592.html
[2010-07-31 21:24:00 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\BV2 ProClient.lnk
[2010-07-31 21:14:04 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\MSN Messenger 7.0.lnk
[2010-07-31 00:46:17 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempQP4392.html
[2010-07-31 00:46:17 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempnR4392.html
[2010-07-30 09:00:54 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010-07-28 20:01:35 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempwl4792.html
[2010-07-28 17:38:05 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempxT2044.html
[2010-07-28 17:38:05 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempjX2044.html
[2010-07-28 16:26:27 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Templf4680.html
[2010-07-28 16:26:27 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempew4680.html
[2010-07-28 04:33:47 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempWn1440.html
[2010-07-28 04:33:47 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempuO1440.html
[2010-07-27 10:59:54 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempSh2912.html
[2010-07-27 10:59:54 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempfg2912.html
[2010-07-26 23:39:27 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempTN5868.html
[2010-07-26 23:39:27 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPQ5868.html
[2010-07-26 16:15:08 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempCf1680.html
[2010-07-26 16:15:08 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempfL1680.html
[2010-07-26 01:27:28 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempuZ5516.html
[2010-07-26 01:27:28 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempEY5516.html
[2010-07-25 04:36:33 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempjB5988.html
[2010-07-25 04:36:33 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempVS5988.html
[2010-07-24 21:43:30 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemppO1912.html
[2010-07-24 03:13:27 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempyu5472.html
[2010-07-24 03:13:27 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempxP5472.html
[2010-07-23 16:17:17 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Evil Islands.lnk
[2010-07-23 03:02:12 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempog4168.html
[2010-07-23 03:02:12 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempfj4168.html
[2010-07-22 16:01:06 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempCp2036.html
[2010-07-22 16:01:06 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDw2036.html
[2010-07-22 03:38:12 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempIw5672.html
[2010-07-22 03:38:12 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempyC5672.html
[2010-07-22 02:22:30 | 000,000,539 | ---- | M] () -- C:\Users\Public\Desktop\Launch ZhyperMU.EXE.lnk
[2010-07-22 02:22:30 | 000,000,521 | ---- | M] () -- C:\Users\Public\Desktop\Launch mu.exe.lnk
[2010-07-21 13:42:16 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempgr2452.html
[2010-07-21 02:24:51 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempLl4348.html
[2010-07-21 02:24:51 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPI4348.html
[2010-07-20 01:26:32 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempXl1504.html
[2010-07-20 01:26:32 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempsW1504.html
[2010-07-15 21:30:55 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempxs5152.html
[2010-07-15 21:30:55 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempfD5152.html
[2010-07-15 00:43:32 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDq5844.html
[2010-07-15 00:43:32 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempiZ5844.html
[2010-07-13 21:55:14 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempLK5340.html
[2010-07-13 21:55:14 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempZu5340.html
[2010-07-13 02:03:59 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempci5688.html
[2010-07-13 02:03:59 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempOy5688.html
[2010-07-12 18:40:57 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempdB1472.html
[2010-07-12 18:40:57 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempBc1472.html
[2010-07-12 13:49:39 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010-07-12 11:53:22 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempLw5664.html
[2010-07-11 22:31:31 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempww4668.html
[2010-07-11 22:31:31 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDv4668.html
[2010-07-11 15:26:55 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempgt3568.html
[2010-07-11 15:26:55 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPT3568.html
[2010-07-11 02:07:59 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempmK2360.html
[2010-07-11 02:07:59 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempki2360.html
[2010-07-10 18:08:49 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempaO1444.html
[2010-07-10 18:08:49 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempeW1444.html
[2010-07-10 11:14:44 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPq1360.html
[2010-07-10 11:14:44 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempMK1360.html
[2010-07-10 00:40:46 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempWd2240.html
[2010-07-10 00:40:46 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempZy2240.html
[2010-07-09 23:01:54 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempza3228.html
[2010-07-09 23:01:54 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemphE3228.html
[2010-07-09 22:54:31 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\Install.job
[2010-07-09 00:24:42 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempqhU600.html
[2010-07-09 00:24:42 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Temposg600.html
[2010-07-08 16:29:27 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempwK2196.html
[2010-07-08 16:29:27 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempgq2196.html
[2010-07-07 23:21:40 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempwj3452.html
[2010-07-07 23:21:40 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempeR3452.html
[2010-07-06 22:47:23 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Temprw5876.html
[2010-07-06 22:47:23 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempRT5876.html
[2010-07-06 04:31:08 | 000,100,516 | ---- | M] () -- C:\Windows\serwer.rar
[2010-07-06 01:06:02 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempgP2016.html
[2010-07-06 01:06:02 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Temptu2016.html
[2010-07-05 23:56:17 | 000,000,676 | ---- | M] () -- C:\Users\kamil\Desktop\Zagraj.lnk
[2010-07-05 18:48:00 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempxo4312.html
[2010-07-05 18:48:00 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempkp4312.html
[2010-07-05 12:05:57 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempJl1692.html
[2010-07-05 12:05:57 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempWo1692.html
[2010-07-04 18:20:38 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempPi2236.html
[2010-07-04 18:20:38 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempnU2236.html
[2010-07-02 21:13:29 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\Templa3964.html
[2010-07-02 21:13:29 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\Tempho3964.html
[2010-07-01 20:37:15 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempDU2316.html
[2010-07-01 20:37:15 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempUc2316.html
[2010-06-30 20:30:12 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempkXB696.html
[2010-06-30 20:30:12 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempnTD696.html
[2010-06-29 20:24:53 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempMp4320.html
[2010-06-29 20:24:53 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempQq4320.html
[2010-06-29 18:01:13 | 000,000,202 | ---- | M] () -- C:\Users\kamil\Desktop\Counter-Strike.url
[2010-06-29 17:58:19 | 000,000,568 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-06-29 17:35:17 | 000,002,432 | ---- | M] () -- C:\Users\kamil\AppData\Local\TemppH1316.html
[2010-06-29 17:35:17 | 000,002,089 | ---- | M] () -- C:\Users\kamil\AppData\Local\TempxH1316.html
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-27 12:46:40 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDDK968.html
[2010-08-27 12:46:40 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempylo968.html
[2010-08-26 21:51:47 | 000,044,534 | ---- | C] () -- C:\Users\kamil\Documents\adda.jpeg
[2010-08-26 21:48:10 | 000,077,674 | ---- | C] () -- C:\Users\kamil\Documents\aga.jpeg
[2010-08-26 21:46:04 | 000,118,262 | ---- | C] () -- C:\Users\kamil\Documents\ada.jpeg
[2010-08-26 21:44:12 | 000,038,114 | ---- | C] () -- C:\Users\kamil\Documents\asa.jpeg
[2010-08-26 18:50:58 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempEP3404.html
[2010-08-25 15:16:25 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempIy5004.html
[2010-08-24 13:22:54 | 000,000,808 | ---- | C] () -- C:\Users\kamil\Desktop\launcher — skrót.lnk
[2010-08-23 16:53:16 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempmT5472.html
[2010-08-22 20:58:31 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempdw4684.html
[2010-08-22 20:58:31 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempzM4684.html
[2010-08-19 21:31:44 | 000,024,634 | ---- | C] () -- C:\Users\kamil\Documents\WoWtest.jpg
[2010-08-19 21:31:44 | 000,008,350 | ---- | C] () -- C:\Users\kamil\.recently-used.xbel
[2010-08-19 21:20:50 | 000,023,436 | ---- | C] () -- C:\Users\kamil\Documents\WoW.jpg
[2010-08-19 21:01:49 | 000,408,587 | ---- | C] () -- C:\Users\kamil\Documents\WoW.xcf
[2010-08-19 20:06:16 | 000,360,054 | ---- | C] () -- C:\Users\kamil\Documents\kopia.jpg.bmp
[2010-08-19 19:55:20 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010-08-19 19:55:20 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010-08-19 19:40:35 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2010-08-19 14:01:51 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-08-18 09:45:34 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010-08-17 21:42:00 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010-08-17 21:40:30 | 000,002,379 | ---- | C] () -- C:\Users\kamil\Desktop\Skype.lnk
[2010-08-17 21:38:33 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-17 21:38:30 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-17 13:20:29 | 000,000,619 | ---- | C] () -- C:\Users\Public\Desktop\Jade Empire.lnk
[2010-08-15 10:57:36 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempWX1360.html
[2010-08-13 14:11:44 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemplQ1032.html
[2010-08-10 18:50:29 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPx3640.html
[2010-08-10 18:50:29 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemplL3640.html
[2010-08-08 12:39:08 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDx3124.html
[2010-08-08 12:39:08 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempIh3124.html
[2010-08-05 23:44:41 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempez1412.html
[2010-08-05 23:44:40 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempEs1412.html
[2010-08-05 23:23:52 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempXp4588.html
[2010-08-05 23:23:52 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempBW4588.html
[2010-08-05 15:29:39 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempah3576.html
[2010-08-05 15:29:38 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemprQ3576.html
[2010-08-05 15:04:05 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempbZ3836.html
[2010-08-05 15:04:04 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempyt3836.html
[2010-08-04 16:15:36 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempoU4032.html
[2010-08-04 16:15:36 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempAi4032.html
[2010-08-04 16:15:36 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempAw4032.html
[2010-08-04 15:26:53 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempzC3172.html
[2010-08-04 15:26:53 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempMl3172.html
[2010-08-03 22:53:55 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempFX1580.html
[2010-08-03 22:53:53 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempXI1580.html
[2010-08-03 20:30:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempUC1708.html
[2010-08-03 20:30:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemphL1708.html
[2010-08-03 20:30:10 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempgn1708.html
[2010-08-03 18:50:01 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempub2748.html
[2010-08-03 18:50:00 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempzr2748.html
[2010-08-03 16:20:29 | 000,000,680 | ---- | C] () -- C:\Users\kamil\AppData\Local\d3d9caps.dat
[2010-08-03 15:42:29 | 000,000,585 | ---- | C] () -- C:\Users\kamil\Desktop\Critical Damage.lnk
[2010-08-03 13:58:36 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempCq1656.html
[2010-08-03 13:58:35 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempCC1656.html
[2010-08-02 23:16:19 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempFV2268.html
[2010-08-02 23:16:18 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempkl2268.html
[2010-08-01 17:52:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempNT2172.html
[2010-08-01 11:39:48 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010-08-01 11:32:00 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempQN2172.html
[2010-08-01 11:31:58 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempvU2172.html
[2010-08-01 10:39:13 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010-08-01 09:34:23 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempBo1592.html
[2010-08-01 09:33:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Temppx1592.html
[2010-07-31 21:24:00 | 000,000,725 | ---- | C] () -- C:\Users\Public\Desktop\BV2 ProClient.lnk
[2010-07-31 21:14:04 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\MSN Messenger 7.0.lnk
[2010-07-30 20:39:57 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempQP4392.html
[2010-07-30 20:39:57 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempnR4392.html
[2010-07-30 09:00:54 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010-07-28 20:00:51 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempwl4792.html
[2010-07-28 17:16:01 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempxT2044.html
[2010-07-28 17:16:01 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempjX2044.html
[2010-07-28 15:02:40 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Templf4680.html
[2010-07-28 15:02:40 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempew4680.html
[2010-07-27 11:00:51 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempWn1440.html
[2010-07-27 11:00:51 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempuO1440.html
[2010-07-27 10:57:27 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempSh2912.html
[2010-07-27 10:57:27 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempfg2912.html
[2010-07-26 20:23:07 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempTN5868.html
[2010-07-26 20:23:07 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPQ5868.html
[2010-07-26 09:06:50 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempCf1680.html
[2010-07-26 09:06:50 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempfL1680.html
[2010-07-25 16:06:01 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempuZ5516.html
[2010-07-25 16:06:01 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempEY5516.html
[2010-07-24 23:00:24 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempjB5988.html
[2010-07-24 23:00:24 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempVS5988.html
[2010-07-24 17:24:27 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemppO1912.html
[2010-07-23 16:17:17 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Evil Islands.lnk
[2010-07-23 12:08:02 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempyu5472.html
[2010-07-23 12:08:02 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempxP5472.html
[2010-07-22 17:58:24 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempog4168.html
[2010-07-22 17:58:24 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempfj4168.html
[2010-07-22 14:15:25 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempCp2036.html
[2010-07-22 14:15:25 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDw2036.html
[2010-07-22 02:22:30 | 000,000,539 | ---- | C] () -- C:\Users\Public\Desktop\Launch ZhyperMU.EXE.lnk
[2010-07-22 02:22:30 | 000,000,521 | ---- | C] () -- C:\Users\Public\Desktop\Launch mu.exe.lnk
[2010-07-21 19:59:34 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempIw5672.html
[2010-07-21 19:59:34 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempyC5672.html
[2010-07-21 13:40:45 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempgr2452.html
[2010-07-20 21:14:18 | 001,336,832 | ---- | C] () -- C:\Windows\ventrilo-2.1.4-Windows-i386.exe
[2010-07-20 21:14:18 | 000,100,516 | ---- | C] () -- C:\Windows\serwer.rar
[2010-07-20 20:01:34 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempLl4348.html
[2010-07-20 20:01:34 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPI4348.html
[2010-07-19 19:18:33 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempXl1504.html
[2010-07-19 19:18:33 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempsW1504.html
[2010-07-15 18:24:35 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempxs5152.html
[2010-07-15 18:24:35 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempfD5152.html
[2010-07-14 21:44:35 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDq5844.html
[2010-07-14 21:44:35 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempiZ5844.html
[2010-07-13 20:37:56 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempLK5340.html
[2010-07-13 20:37:56 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempZu5340.html
[2010-07-12 20:27:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempci5688.html
[2010-07-12 20:27:10 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempOy5688.html
[2010-07-12 18:35:16 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempdB1472.html
[2010-07-12 18:35:16 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempBc1472.html
[2010-07-12 13:49:39 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010-07-12 10:21:17 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempLw5664.html
[2010-07-11 16:36:39 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempww4668.html
[2010-07-11 16:36:39 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDv4668.html
[2010-07-11 12:54:47 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempgt3568.html
[2010-07-11 12:54:47 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPT3568.html
[2010-07-10 22:24:49 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempmK2360.html
[2010-07-10 22:24:49 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempki2360.html
[2010-07-10 13:29:42 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempaO1444.html
[2010-07-10 13:29:42 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempeW1444.html
[2010-07-10 08:58:46 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPq1360.html
[2010-07-10 08:58:46 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempMK1360.html
[2010-07-09 23:09:55 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempWd2240.html
[2010-07-09 23:09:55 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempZy2240.html
[2010-07-09 22:55:47 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempza3228.html
[2010-07-09 22:55:47 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemphE3228.html
[2010-07-08 23:59:25 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\Install.job
[2010-07-08 20:51:42 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempqhU600.html
[2010-07-08 20:51:42 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Temposg600.html
[2010-07-08 11:00:11 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempwK2196.html
[2010-07-08 11:00:11 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempgq2196.html
[2010-07-07 18:42:14 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempwj3452.html
[2010-07-07 18:42:14 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempeR3452.html
[2010-07-07 12:42:05 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{3982A897-C764-48B3-90D3-5CE2FC2D8A19}.job
[2010-07-06 14:28:33 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Temprw5876.html
[2010-07-06 14:28:33 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempRT5876.html
[2010-07-05 23:56:17 | 000,000,676 | ---- | C] () -- C:\Users\kamil\Desktop\Zagraj.lnk
[2010-07-05 22:49:41 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempgP2016.html
[2010-07-05 22:49:41 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Temptu2016.html
[2010-07-05 13:06:50 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempxo4312.html
[2010-07-05 13:06:50 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempkp4312.html
[2010-07-05 12:03:59 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempJl1692.html
[2010-07-05 12:03:59 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempWo1692.html
[2010-07-04 15:02:34 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempPi2236.html
[2010-07-04 15:02:34 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempnU2236.html
[2010-07-02 13:22:06 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Templa3964.html
[2010-07-02 13:22:06 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempho3964.html
[2010-07-01 13:18:40 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempDU2316.html
[2010-07-01 13:18:40 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempUc2316.html
[2010-06-30 13:13:44 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempkXB696.html
[2010-06-30 13:13:44 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempnTD696.html
[2010-06-29 18:01:13 | 000,000,202 | ---- | C] () -- C:\Users\kamil\Desktop\Counter-Strike.url
[2010-06-29 17:53:02 | 000,000,568 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-06-29 17:45:08 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempMp4320.html
[2010-06-29 17:45:08 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempQq4320.html
[2010-06-29 14:40:08 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemppH1316.html
[2010-06-29 14:40:08 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempxH1316.html
[2010-06-28 10:40:02 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempwV1564.html
[2010-06-28 10:40:02 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempyC1564.html
[2010-06-28 09:52:51 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TemppM3176.html
[2010-05-31 17:47:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-05-31 17:47:42 | 000,022,328 | ---- | C] () -- C:\Users\kamil\AppData\Roaming\PnkBstrK.sys
[2010-05-18 16:48:30 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010-05-18 16:48:30 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010-05-18 16:48:30 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010-04-27 17:49:25 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-04-24 13:56:50 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempYg3044.html
[2010-04-23 20:28:00 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Temppy1876.html
[2010-04-23 20:28:00 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempEY1876.html
[2010-04-20 11:26:23 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempLW3776.html
[2010-04-20 11:26:23 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Templd3776.html
[2010-04-18 20:08:03 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempqv2896.html
[2010-04-18 20:08:03 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempkK2896.html
[2010-04-18 11:26:35 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempdk2792.html
[2010-04-18 11:26:35 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempZh2792.html
[2010-04-17 17:35:08 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempJH3920.html
[2010-04-17 17:35:08 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempuz3920.html
[2010-04-17 09:52:07 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempXK2252.html
[2010-04-16 19:24:53 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempqgU376.html
[2010-04-16 19:24:53 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempvBC376.html
[2010-04-16 16:36:09 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempgR4068.html
[2010-04-13 19:51:04 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempoR3468.html
[2010-04-13 19:51:04 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempSP3468.html
[2010-04-12 16:11:00 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempXQ2732.html
[2010-04-12 16:11:00 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempxv2732.html
[2010-04-11 19:42:23 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempEZ2156.html
[2010-04-11 19:42:23 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Tempfu2156.html
[2010-04-11 10:09:31 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempAZ2624.html
[2010-04-11 10:09:31 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\Templn2624.html
[2010-04-10 22:03:24 | 000,069,632 | ---- | C] () -- C:\Users\kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-10 18:49:16 | 000,000,169 | ---- | C] () -- C:\Windows\adidsl.ini
[2010-04-10 18:49:16 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2010-04-10 18:48:14 | 000,000,990 | ---- | C] () -- C:\Windows\adiras.ini
[2010-04-10 18:48:10 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2010-04-10 18:07:10 | 000,002,432 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempHh2412.html
[2010-04-10 18:07:10 | 000,002,089 | ---- | C] () -- C:\Users\kamil\AppData\Local\TempKy2412.html
[2010-04-10 18:06:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-10 14:03:16 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-07-25 13:51:28 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008-07-25 13:38:07 | 000,137,021 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008-07-25 13:37:47 | 000,137,021 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008-07-25 13:19:47 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008-07-25 13:19:47 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008-07-25 11:38:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007-02-15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006-11-29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-10-09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001-11-14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-05-10 19:42:40 | 000,000,000 | -HSD | M] -- C:\Users\kamil\AppData\Roaming\.#
[2010-04-27 17:54:19 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\DAEMON Tools Lite
[2010-04-24 11:07:41 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\fretsonfire
[2010-08-01 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\Gadu-Gadu 10
[2010-07-12 13:24:19 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\GetRightToGo
[2010-08-19 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\gtk-2.0
[2010-04-10 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\ipla
[2010-07-13 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\OpenFM
[2010-04-25 10:32:47 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\Sudeki
[2010-08-24 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\uTorrent
[2010-07-09 22:54:31 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2010-08-26 22:00:51 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-08-27 19:12:30 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3982A897-C764-48B3-90D3-5CE2FC2D8A19}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008-01-21 04:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008-02-09 04:52:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-08-27 12:42:26 | 2141,831,168 | -HS- | M] () -- C:\hiberfil.sys
[2009-03-30 08:32:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-03-30 08:32:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-08-27 12:42:25 | 2455,633,920 | -HS- | M] () -- C:\pagefile.sys
[2008-07-25 13:03:42 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2009-06-05 16:20:18 | 000,000,086 | ---- | M] () -- C:\Setup.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008-01-21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-21 04:33:14 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-21 04:33:14 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008-01-21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-21 04:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008-01-21 04:33:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008-01-21 04:33:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< End of report >[/log]



[log]OTL Extras logfile created on: 2010-08-27 21:38:56 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\kamil\Documents\download
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 28,18 Gb Free Space | 40,81% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 8,78 Gb Free Space | 12,54% Space Free | Partition Type: NTFS
Drive E: | 416,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 405,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMIL-DOM
Current User Name: kamil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-23042342-2651542211-2932212354-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E7CC823-67DF-4023-B491-C097C162A31C}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F63EFE9-1FBC-467C-AED3-9038D02A67B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{63770BFE-ED81-429B-96C5-F8DDA432119A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F8600B0-B9D7-4E8A-BDB3-8195D0CE0296}" = lport=138 | protocol=17 | dir=in | app=system |
"{84A8ACDD-AC65-4FAF-A279-B029F0AFCF82}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B0BB7F6-80B9-4DF1-A238-D46C64D74188}" = rport=138 | protocol=17 | dir=out | app=system |
"{90A14FA0-30DC-46B2-9722-427BDCAC6907}" = lport=139 | protocol=6 | dir=in | app=system |
"{9CC21560-7B15-4D44-97CA-70C7E421B3FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0CD9D42-A248-431B-9C54-39EACB788FB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDCA7BEC-289B-4C6E-8019-5404B674D3ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF585DB2-F59B-40B8-87D4-6DAEA8EBDFA1}" = rport=445 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0181D501-0AB2-4A74-9B1A-9FF49BB44583}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{03279F81-5F12-4DB0-8E8F-0B8C20495C1D}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{0A5CCF83-E8E3-4E9C-BD3C-C2F33210947A}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{0CB4F52E-99EE-46E0-8F91-3083829FA1C7}" = protocol=6 | dir=in | app=d:\gry\bitwa o śródziemie\game.dat |
"{21DBA5F2-D64B-4C9D-9B4F-60BCD9E28B90}" = protocol=17 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{2467551C-7C83-4DEF-85E9-CFD85238D7FB}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{24F2CAB8-9A99-4355-8A67-C50E39EF4E94}" = protocol=6 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{2C7AC75B-5BEA-4BC6-B993-6091C7F2757D}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2main.exe |
"{2D4543C6-3D19-4103-BA08-CC609F74AB4C}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2editor.exe |
"{2E074510-7277-448B-8EA6-C51A118A75CF}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2main_amdxp.exe |
"{2F2A37EF-1038-448C-9CB4-E7DC634322B8}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2launcher.exe |
"{371B1AE5-DB60-401F-B72E-50BCFAD6391F}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{3E3E907F-825E-44BA-9983-44DECD2B8DBA}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2server.exe |
"{45263860-59F6-452D-88DA-42DE6B20E559}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{45E21BF7-A367-4185-9184-FCED477BE90D}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\farcry2.exe |
"{48905CAF-416F-45DE-AE8C-D530120A7C97}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2server.exe |
"{5B9407A0-28A5-40DD-AE59-A3682B8AA93C}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2main_amdxp.exe |
"{5DBA5E8E-0A10-4D20-A790-6B13B49E9CF7}" = protocol=17 | dir=in | app=d:\gry\steam\steam.exe |
"{6291B4E1-DC5B-44EB-94AE-02ABC7E2EE0B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{62C95CE5-A8A5-44CF-8D22-93507C352542}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{66236857-667E-44B5-876E-BF7B71B8492F}" = protocol=6 | dir=in | app=d:\gry\steam\steam.exe |
"{6C7657B3-185F-4A92-B4DE-8B0CB24FB694}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{78737741-9D19-4BAE-A65D-E2358B39EA26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8098A976-B884-4597-89DB-4259AD1B9967}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8260E1F9-1531-4AC4-96E0-50EFFDF6292D}" = protocol=17 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{908D642A-230B-4B33-9F55-DB89794C7AAA}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2main.exe |
"{91C1A158-AD80-42FB-AD47-CE3DCA15F91D}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2editor.exe |
"{93ECE2A4-A0EA-4466-8B47-29AE9E08CDAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AEE12F3A-308C-4FE5-8125-82E3C35A1705}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwupdate.exe |
"{B0C40A01-D221-4196-9149-45C0201C2B9E}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwupdate.exe |
"{B1A58899-0ED4-4AC4-A95B-B1D84C63D937}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2E905EE-FFDA-4D89-A34F-E2DA465A029B}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2launcher.exe |
"{BE56C866-B359-470C-9694-ADBC2C873212}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{CA258FF5-ED95-4DF2-9455-480FFA0E1169}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC4D6F54-E850-49AA-8603-BC59E807481B}" = protocol=17 | dir=in | app=d:\gry\bitwa o śródziemie\game.dat |
"{CCF1F04F-0E00-42FE-9BE8-ADDA7EC798F8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D3437876-83C3-4008-A7E0-587D0C187A35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E8FB2136-D53A-4463-938E-7DCFF2BA1E21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EBA2273C-ED57-4D8C-B171-B02F5408B24D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{ED840BBA-2C36-4525-8108-669551CD368E}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\farcry2.exe |
"{F41D6D52-2075-42F3-9A9C-A48A84B3B174}" = protocol=6 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"TCP Query User{15BAD523-BABE-482C-86E0-7FC354A0DCD4}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"TCP Query User{22A52C38-1EBD-4A34-83B4-897217788B32}D:\gry\puzzle quest\puzzle quest.exe" = protocol=6 | dir=in | app=d:\gry\puzzle quest\puzzle quest.exe |
"TCP Query User{248EA3D1-E41F-4F89-BF3B-94A23D76A6F4}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"TCP Query User{3615DAC5-6A82-4855-B75B-BE477DC2604A}D:\gry\baboviolent 2\bv2.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"TCP Query User{5E4EB950-208A-4163-9DB1-501C64044FCD}D:\gry\metin priv\mcmetinpro.exe" = protocol=6 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"TCP Query User{B3E2C763-F1C7-4D5F-AE64-51813CE7FB4F}D:\gry\baboviolent 2\bv2.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"TCP Query User{C7DD2C2C-1507-4FC0-A4E9-242DA0AE3BFC}D:\gry\evil islands\game.exe" = protocol=6 | dir=in | app=d:\gry\evil islands\game.exe |
"TCP Query User{C88AC836-914B-487D-BC83-B9C3870C51CD}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{CB6257FE-7E86-4881-BC48-E56866F1AC4E}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"TCP Query User{CB9A6DBF-34B9-4C8C-9192-02E495980561}D:\gry\metin priv\mcmetinpro.exe" = protocol=6 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"TCP Query User{D12ED84E-A828-4F71-9257-00E39EC958C4}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"TCP Query User{D3D1329C-9AAB-4F9A-A754-A30374230087}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{EC02B774-4031-4F48-8E07-1AA930D12FBB}D:\gry\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\gry\tmnationsforever\tmforever.exe |
"TCP Query User{ECA9F7DF-FCFF-454B-8E0B-8D3F1BEDE6CD}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"TCP Query User{FB8C8DA7-7078-412B-9B99-66B547E859D2}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"TCP Query User{FCED68DF-798E-49FC-91A3-C03BD19E11E5}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{1E7BB258-9CF7-4BD1-B38C-A2B520434C57}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{3409B93B-A763-4459-86DF-1171A5BE4A6F}D:\gry\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\gry\tmnationsforever\tmforever.exe |
"UDP Query User{40A0D05A-539C-4F75-A0B2-D45F235E1AF5}D:\gry\baboviolent 2\bv2.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"UDP Query User{60176350-23D1-4897-AE53-E594053EE9B1}D:\gry\baboviolent 2\bv2.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"UDP Query User{6283023B-B287-498B-B539-7215D316C4F7}D:\gry\metin priv\mcmetinpro.exe" = protocol=17 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"UDP Query User{64A17349-B903-40CA-937B-7E4915F4CE70}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{74055167-4664-4A1A-AE27-881BBC91C4CC}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"UDP Query User{7F7D4B8B-3082-4D60-B5C2-D8FBFFD16DFA}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"UDP Query User{984DAE58-AAF6-4D29-AEB0-05A5A4428A42}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{A92A64BC-A28A-4DB0-B814-C009560DB30B}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"UDP Query User{AB0B3906-304A-4057-930A-9CCAA73BD308}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"UDP Query User{B58B9CD4-BF3B-4B40-B648-F65E452B7187}D:\gry\evil islands\game.exe" = protocol=17 | dir=in | app=d:\gry\evil islands\game.exe |
"UDP Query User{C39B02C7-13D9-4FEE-A4D2-4AEC0B3B56D3}D:\gry\metin priv\mcmetinpro.exe" = protocol=17 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"UDP Query User{D096DDFD-B8DB-4FCB-B421-C08BC7CEC544}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"UDP Query User{E3B0EEDC-7D06-4805-803F-E906837B7CEA}D:\gry\puzzle quest\puzzle quest.exe" = protocol=17 | dir=in | app=d:\gry\puzzle quest\puzzle quest.exe |
"UDP Query User{E660E2EE-B5EE-4DCC-BD53-2A718D4B7540}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{1021878C-B14A-4A55-9D6E-E0603455C2F4}_is1" = BV2 ProClient 2.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{385FB7F2-C398-4A91-93DE-188977864AB0}" = ZMU2010SMALL R3
"{3C2F83D3-3F75-4920-8E23-23A9FBADB35D}" = Microsoft Antimalware Service PL-PL Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ac40384-37ba-421c-b14c-2ecbe4403817}" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88C68165-3C92-11D5-B95D-00E07D97B508}" = Evil Islands
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1045-7B44-A80000000000}" = Adobe Reader 8 - Polish
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin Edycja Rozszerzona
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"A-Mind" = Absolute Mastermind v1.4
"AP Tuner 3.08" = AP Tuner 3.08
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"Business Contact Manager" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"Critical Damage_is1" = Critical Damage
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"FarmingSimulator2009PL_is1" = Symulator-Farmy 2009
"FastStone Photo Resizer" = FastStone Photo Resizer 2.5
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"ipla" = ipla 2.1.2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"Niezbędnik CD_is1" = Niezbędnik CD
"NVIDIA Drivers" = NVIDIA Drivers
"Odyssee" = Odyseja
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"PuzzleQuest_is1" = Puzzle Quest
"RealAlt_is1" = Real Alternative 2.0.2
"Septerra Core PL" = Septerra Core PL
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.10

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-08-11 15:24:31 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-12 06:33:08 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-12 15:29:43 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-13 05:59:16 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-13 08:10:40 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 03:19:36 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 03:46:26 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 08:10:17 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 16:11:42 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-15 04:57:08 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2010-08-01 17:41:27 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:41:27 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:43:28 | Computer Name = Kamil-dom | Source = HTTP | ID = 15016
Description =

Error - 2010-08-01 17:44:22 | Computer Name = Kamil-dom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2010-08-01 17:45:04 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:45:04 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-02 05:00:59 | Computer Name = Kamil-dom | Source = HTTP | ID = 15016
Description =

Error - 2010-08-02 05:01:51 | Computer Name = Kamil-dom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2010-08-02 05:02:34 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-02 05:02:34 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =


< End of report >[/log]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by kamil at 2010-08-27 21:57:38
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 29 GB (41%) free of 71 GB
Total RAM: 2042 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:58:17, on 2010-08-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
D:\Gry\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Users\kamil\Documents\download\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kamil\Documents\download\RSIT.exe
C:\Program Files\trend micro\kamil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=CriticalDamage&utm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [nod32] C:\Users\kamil\AppData\Local\Temp\nodqq.exe
O4 - HKCU\..\Run: [Steam] "D:\Gry\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7032 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Install.job
C:\Windows\tasks\User_Feed_Synchronization-{3982A897-C764-48B3-90D3-5CE2FC2D8A19}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-10 1233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-10 1233288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32"=C:\Users\kamil\AppData\Local\Temp\nodqq.exe []
"Steam"=D:\Gry\Steam\Steam.exe [2010-08-24 1242448]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
C:\Program Files\Gadu-Gadu 10\gg.exe [2010-07-22 12477024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2010-02-02 14252952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-22 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-27 21:57:41 ----D---- C:\Program Files\trend micro
2010-08-27 21:57:38 ----D---- C:\rsit
2010-08-19 19:55:18 ----D---- C:\Program Files\IrfanView
2010-08-19 19:40:39 ----D---- C:\Users\kamil\AppData\Roaming\FastStone
2010-08-19 19:40:30 ----D---- C:\Program Files\FastStone Photo Resizer
2010-08-19 14:01:51 ----D---- C:\Program Files\Common Files\Skype
2010-08-18 10:54:00 ----D---- C:\Users\kamil\AppData\Roaming\gtk-2.0
2010-08-18 09:44:48 ----D---- C:\Program Files\GIMP-2.0
2010-08-17 21:55:00 ----RD---- C:\Program Files\Skype
2010-08-17 21:37:55 ----D---- C:\Program Files\Google
2010-08-17 13:20:28 ----A---- C:\Windows\Uninstall Jade Empire.exe
2010-08-11 13:16:18 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 13:16:11 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 13:16:04 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 13:16:04 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-11 13:16:01 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 13:16:01 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\ieaksie.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\occache.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\ieencode.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 13:15:53 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 13:15:51 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 13:15:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 13:15:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 13:15:43 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 13:15:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 13:15:40 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 13:15:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-04 14:10:05 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-08-04 14:10:05 ----A---- C:\Windows\system32\PresentationHost.exe
2010-08-04 14:10:05 ----A---- C:\Windows\system32\netfxperf.dll
2010-08-04 14:10:05 ----A---- C:\Windows\system32\mscoree.dll
2010-08-04 14:10:04 ----A---- C:\Windows\system32\dfshim.dll
2010-08-04 14:06:27 ----D---- C:\Windows\SQL9_KB970892_ENU
2010-08-03 14:25:29 ----A---- C:\Windows\system32\winhttp.dll
2010-08-03 14:25:19 ----A---- C:\Windows\system32\drivers\http.sys
2010-08-03 14:25:18 ----A---- C:\Windows\system32\nshhttp.dll
2010-08-03 14:25:18 ----A---- C:\Windows\system32\httpapi.dll
2010-08-03 14:24:52 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 11:47:12 ----A---- C:\Windows\system32\browserchoice.exe
2010-08-02 11:20:49 ----A---- C:\Windows\system32\infocardapi.dll
2010-08-02 11:20:48 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-02 11:20:46 ----A---- C:\Windows\system32\icardagt.exe
2010-08-02 11:20:45 ----A---- C:\Windows\system32\icardres.dll
2010-08-02 11:20:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-08-02 11:11:08 ----A---- C:\Windows\system32\mscorier.dll
2010-08-02 11:10:44 ----A---- C:\Windows\system32\mscories.dll
2010-08-01 12:29:05 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-08-01 12:29:00 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-08-01 12:28:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-08-01 11:40:03 ----A---- C:\Windows\system32\t2embed.dll
2010-08-01 11:39:59 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-08-01 11:39:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-01 11:39:51 ----A---- C:\Windows\system32\msxml6.dll
2010-08-01 11:39:46 ----A---- C:\Windows\system32\wlanmsm.dll
2010-08-01 11:39:46 ----A---- C:\Windows\system32\L2SecHC.dll
2010-08-01 11:39:45 ----A---- C:\Windows\system32\wlansvc.dll
2010-08-01 11:39:45 ----A---- C:\Windows\system32\wlansec.dll
2010-08-01 11:39:30 ----A---- C:\Windows\system32\netiohlp.dll
2010-08-01 11:39:29 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\MRINFO.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\finger.exe
2010-08-01 11:39:28 ----A---- C:\Windows\system32\ARP.EXE
2010-08-01 11:39:27 ----A---- C:\Windows\system32\ROUTE.EXE
2010-08-01 11:39:26 ----A---- C:\Windows\system32\netevent.dll
2010-08-01 11:38:44 ----A---- C:\Windows\system32\msv1_0.dll
2010-08-01 11:38:37 ----A---- C:\Windows\system32\inetcomm.dll
2010-08-01 11:38:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-08-01 11:38:32 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-08-01 11:38:32 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-08-01 11:38:26 ----A---- C:\Windows\system32\pacerprf.dll
2010-08-01 11:38:26 ----A---- C:\Windows\system32\drivers\pacer.sys
2010-08-01 11:38:21 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-08-01 11:38:19 ----A---- C:\Windows\system32\mf.dll
2010-08-01 11:37:54 ----A---- C:\Windows\system32\asycfilt.dll
2010-08-01 11:37:52 ----A---- C:\Windows\system32\vbscript.dll
2010-08-01 11:37:50 ----A---- C:\Windows\system32\atl.dll
2010-08-01 11:37:48 ----A---- C:\Windows\system32\gdi32.dll
2010-08-01 11:37:39 ----A---- C:\Windows\system32\tzres.dll
2010-08-01 11:37:18 ----A---- C:\Windows\system32\xolehlp.dll
2010-08-01 11:37:18 ----A---- C:\Windows\system32\msdtcprx.dll
2010-08-01 11:37:16 ----A---- C:\Windows\system32\es.dll
2010-08-01 11:37:12 ----A---- C:\Windows\system32\mstscax.dll
2010-08-01 11:37:09 ----A---- C:\Windows\system32\wkssvc.dll
2010-08-01 11:37:07 ----A---- C:\Windows\system32\wmpeffects.dll
2010-08-01 11:37:03 ----A---- C:\Windows\system32\netapi32.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\fontsub.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\dciman32.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\atmlib.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\atmfd.dll
2010-08-01 11:36:30 ----A---- C:\Windows\system32\localspl.dll
2010-08-01 11:36:27 ----A---- C:\Windows\explorer.exe
2010-08-01 11:36:23 ----A---- C:\Windows\system32\kerberos.dll
2010-08-01 11:36:22 ----A---- C:\Windows\system32\wdigest.dll
2010-08-01 11:36:21 ----A---- C:\Windows\system32\lsasrv.dll
2010-08-01 11:36:21 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2010-08-01 11:36:20 ----A---- C:\Windows\system32\secur32.dll
2010-08-01 11:36:20 ----A---- C:\Windows\system32\lsass.exe
2010-08-01 11:36:05 ----A---- C:\Windows\system32\rpcss.dll
2010-08-01 11:36:03 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-08-01 11:36:01 ----A---- C:\Windows\system32\sdohlp.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\iasrecst.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\iasdatastore.dll
2010-08-01 11:36:00 ----A---- C:\Windows\system32\iashost.exe
2010-08-01 11:36:00 ----A---- C:\Windows\system32\iasads.dll
2010-08-01 11:35:51 ----A---- C:\Windows\system32\jscript.dll
2010-08-01 11:35:45 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-08-01 11:35:45 ----A---- C:\Windows\system32\drivers\tunnel.sys
2010-08-01 11:35:28 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-01 11:35:20 ----A---- C:\Windows\system32\quartz.dll
2010-08-01 11:35:12 ----A---- C:\Windows\system32\kernel32.dll
2010-08-01 11:35:11 ----A---- C:\Windows\system32\apilogen.dll
2010-08-01 11:35:11 ----A---- C:\Windows\system32\amxread.dll
2010-08-01 11:35:07 ----A---- C:\Windows\system32\win32spl.dll
2010-08-01 11:35:05 ----A---- C:\Windows\system32\emdmgmt.dll
2010-08-01 11:35:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-01 11:35:04 ----A---- C:\Windows\system32\dataclen.dll
2010-08-01 11:35:04 ----A---- C:\Windows\system32\cdd.dll
2010-08-01 11:35:01 ----A---- C:\Windows\system32\drivers\rmcast.sys
2010-08-01 11:34:53 ----A---- C:\Windows\system32\wmp.dll
2010-08-01 11:34:51 ----A---- C:\Windows\system32\wmpdxm.dll
2010-08-01 11:34:49 ----A---- C:\Windows\system32\spwmp.dll
2010-08-01 11:34:48 ----A---- C:\Windows\system32\dxmasf.dll
2010-08-01 11:34:47 ----A---- C:\Windows\system32\wmploc.DLL
2010-08-01 11:34:37 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-08-01 11:34:36 ----A---- C:\Windows\system32\logagent.exe
2010-08-01 11:34:33 ----A---- C:\Windows\system32\wshext.dll
2010-08-01 11:34:33 ----A---- C:\Windows\system32\wscript.exe
2010-08-01 11:34:32 ----A---- C:\Windows\system32\scrrun.dll
2010-08-01 11:34:32 ----A---- C:\Windows\system32\scrobj.dll
2010-08-01 11:34:32 ----A---- C:\Windows\system32\cscript.exe
2010-08-01 11:34:29 ----A---- C:\Windows\system32\msasn1.dll
2010-08-01 11:34:17 ----A---- C:\Windows\system32\rpcrt4.dll
2010-08-01 11:34:13 ----A---- C:\Windows\system32\rastls.dll
2010-08-01 11:34:13 ----A---- C:\Windows\system32\raschap.dll
2010-08-01 11:34:09 ----A---- C:\Windows\system32\WSDApi.dll
2010-08-01 11:34:00 ----A---- C:\Windows\system32\msvidc32.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\tsbyuv.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\msyuv.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\msrle32.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\iyuv_32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\mciavi32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\avifil32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\avicap32.dll
2010-08-01 11:33:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-08-01 11:29:44 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-08-01 10:57:06 ----A---- C:\Windows\system32\wintrust.dll
2010-08-01 10:57:00 ----A---- C:\Windows\system32\cabview.dll
2010-08-01 10:52:31 ----N---- C:\Windows\system32\MpSigStub.exe
2010-08-01 10:40:25 ----A---- C:\Windows\system32\wups2.dll
2010-08-01 10:40:25 ----A---- C:\Windows\system32\wuauclt.exe
2010-08-01 10:40:24 ----A---- C:\Windows\system32\wucltux.dll
2010-08-01 10:40:24 ----A---- C:\Windows\system32\wuaueng.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wups.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wudriver.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wuapi.dll
2010-08-01 10:40:00 ----A---- C:\Windows\system32\wuwebv.dll
2010-08-01 10:40:00 ----A---- C:\Windows\system32\wuapp.exe
2010-08-01 10:39:11 ----D---- C:\Program Files\Microsoft Security Essentials
2010-07-31 21:14:02 ----D---- C:\Program Files\MSN Messenger
2010-07-30 13:30:43 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-30 09:01:42 ----D---- C:\Program Files\Ask.com
2010-07-30 09:00:54 ----D---- C:\Program Files\uTorrent
2010-07-30 08:59:55 ----D---- C:\Users\kamil\AppData\Roaming\uTorrent

======List of files/folders modified in the last 1 months======

2010-08-27 21:57:41 ----RD---- C:\Program Files
2010-08-27 21:57:35 ----D---- C:\Windows\Temp
2010-08-27 21:46:42 ----D---- C:\Users\kamil\AppData\Roaming\Skype
2010-08-27 16:05:57 ----D---- C:\Users\kamil\AppData\Roaming\skypePM
2010-08-26 15:01:49 ----SHD---- C:\System Volume Information
2010-08-25 13:37:04 ----D---- C:\Program Files\Common Files\Steam
2010-08-24 13:15:05 ----SHD---- C:\Windows\Installer
2010-08-24 13:14:28 ----RSD---- C:\Windows\assembly
2010-08-24 12:41:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-19 14:02:01 ----D---- C:\Windows\system32\Tasks
2010-08-19 14:01:51 ----D---- C:\Program Files\Common Files
2010-08-19 14:01:44 ----D---- C:\ProgramData\Skype
2010-08-19 12:04:23 ----D---- C:\Windows\Prefetch
2010-08-18 00:46:05 ----SD---- C:\Users\kamil\AppData\Roaming\Microsoft
2010-08-17 23:37:25 ----D---- C:\Windows\System32
2010-08-17 23:37:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-17 23:37:24 ----D---- C:\Windows\inf
2010-08-17 21:38:33 ----D---- C:\Windows\Tasks
2010-08-17 13:20:28 ----D---- C:\Windows
2010-08-16 09:09:34 ----D---- C:\Windows\system32\catroot2
2010-08-12 21:34:49 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:52:57 ----D---- C:\Program Files\Internet Explorer
2010-08-12 12:52:54 ----D---- C:\Program Files\Movie Maker
2010-08-12 12:52:52 ----D---- C:\Windows\system32\drivers
2010-08-12 12:47:10 ----D---- C:\Windows\winsxs
2010-08-12 12:42:25 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 12:40:00 ----D---- C:\Windows\system32\catroot
2010-08-08 23:35:13 ----D---- C:\Windows\system32\WDI
2010-08-04 15:00:32 ----D---- C:\Windows\rescache
2010-08-04 14:36:46 ----D---- C:\Windows\system32\wbem
2010-08-04 14:36:45 ----D---- C:\Windows\system32\pl-PL
2010-08-04 14:36:45 ----D---- C:\Windows\system32\drivers\pl-PL
2010-08-04 14:07:14 ----D---- C:\Program Files\Microsoft SQL Server
2010-08-02 12:44:47 ----D---- C:\Program Files\Windows Mail
2010-08-02 12:44:40 ----D---- C:\Windows\system32\manifeststore
2010-08-02 12:44:40 ----D---- C:\Windows\AppPatch
2010-08-02 12:44:39 ----D---- C:\Program Files\Windows Media Player
2010-08-02 12:44:35 ----D---- C:\Windows\system32\XPSViewer
2010-08-02 12:44:35 ----D---- C:\Windows\system32\en-US
2010-08-02 11:44:00 ----RSD---- C:\Windows\Fonts
2010-08-02 11:43:51 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-02 11:43:26 ----D---- C:\Program Files\Microsoft Works
2010-08-02 11:41:45 ----A---- C:\Windows\win.ini
2010-08-02 11:36:21 ----D---- C:\Windows\Registration
2010-08-02 11:07:10 ----D---- C:\Windows\SoftwareDistribution
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntfNT.dll
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntf32.dll
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntf16.dll
2010-08-01 10:39:26 ----SD---- C:\ProgramData\Microsoft
2010-08-01 10:33:44 ----HD---- C:\ProgramData
2010-08-01 09:34:23 ----D---- C:\Users\kamil\AppData\Roaming\Gadu-Gadu 10

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-06-16 318488]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-27 691696]
R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\Windows\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 awv0817p;awv0817p; C:\Windows\system32\drivers\awv0817p.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Urz1dzenie dYwiekowe Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LLRING0;LLRING0; \??\D:\Gry\Zypher\zhypermu small r3\MuGuard\llck2.sys [2010-07-22 5120]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 BcmSqlStartupSvc;Usługa startowa serwera SQL dodatku Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-25 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-31 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-05-31 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-24 407336]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-02 3594440]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
[/log]

Tomek01
komentarz
komentarz

Odinstaluj: Ask toolbar, DAEMON Tools Toolbar

Zastosuj [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], najlepiej z podpiętym pendrive'm czy innymi pamięciami USB.

W OTL, w oknie Custom scan/fixes wklej:
[code]:Processes
Explorer.exe

:OTL
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185[2010-04-27 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\DTToolbar@toolbarnet.com
[2010-07-30 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\toolbar@ask.com
[2010-04-27 17:49:40 | 000,002,055 | ---- | M] () -- C:\Users\kamil\AppData\Roaming\Mozilla\FireFox\Profiles\gmr2j1a9.default\searchplugins\daemon-search.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKU\S-1-5-21-23042342-2651542211-2932212354-1003..\Run: [nod32] C:\Users\kamil\AppData\Local\Temp\nodqq.exe File not found
O33 - MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\Shell\AutoRun\command - "" = F:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\Shell\open\Command - "" = F:\22yj2fy1.exe -- File not found

:Files
C:\Users\kamil\AppData\Local\AskToolbar
C:\Users\kamil\AppData\Local\TempDDK968.html
C:\Users\kamil\AppData\Local\Tempylo968.html
C:\Users\kamil\AppData\Local\TempEP3404.html
C:\Users\kamil\AppData\Local\TempIy5004.html
C:\Users\kamil\AppData\Local\TempmT5472.html
C:\Users\kamil\AppData\Local\Tempdw4684.html
C:\Users\kamil\AppData\Local\TempzM4684.html
C:\Users\kamil\AppData\Local\TempWX1360.html
C:\Users\kamil\AppData\Local\TemplQ1032.html
C:\Users\kamil\AppData\Local\TempPx3640.html
C:\Users\kamil\AppData\Local\TemplL3640.html
C:\Users\kamil\AppData\Local\TempDx3124.html
C:\Users\kamil\AppData\Local\TempIh3124.html
C:\Users\kamil\AppData\Local\Tempez1412.html
C:\Users\kamil\AppData\Local\TempEs1412.html
C:\Users\kamil\AppData\Local\TempBW4588.html
C:\Users\kamil\AppData\Local\TempXp4588.html
C:\Users\kamil\AppData\Local\Tempah3576.html
C:\Users\kamil\AppData\Local\TemprQ3576.html
C:\Users\kamil\AppData\Local\TempbZ3836.html
C:\Users\kamil\AppData\Local\Tempyt3836.html
C:\Users\kamil\AppData\Local\TempoU4032.html
C:\Users\kamil\AppData\Local\TempAw4032.html
C:\Users\kamil\AppData\Local\TempAi4032.html
C:\Users\kamil\AppData\Local\TempzC3172.html
C:\Users\kamil\AppData\Local\TempMl3172.html
C:\Users\kamil\AppData\Local\TempFX1580.html
C:\Users\kamil\AppData\Local\TempXI1580.html
C:\Users\kamil\AppData\Local\TempUC1708.html
C:\Users\kamil\AppData\Local\Tempgn1708.html
C:\Users\kamil\AppData\Local\TemphL1708.html
C:\Users\kamil\AppData\Local\Tempzr2748.html
C:\Users\kamil\AppData\Local\Tempub2748.html
C:\Users\kamil\AppData\Local\TempCC1656.html
C:\Users\kamil\AppData\Local\TempCq1656.html
C:\Users\kamil\AppData\Local\Tempkl2268.html
C:\Users\kamil\AppData\Local\TempFV2268.html
C:\Users\kamil\AppData\Local\TempQN2172.html
C:\Users\kamil\AppData\Local\TempNT2172.html
C:\Users\kamil\AppData\Local\TempvU2172.html
C:\Users\kamil\AppData\Local\TempBo1592.html
C:\Users\kamil\AppData\Local\Temppx1592.html
C:\Users\kamil\AppData\Local\TempQP4392.html
C:\Users\kamil\AppData\Local\TempnR4392.html
C:\Users\kamil\AppData\Local\Tempwl4792.html
C:\Users\kamil\AppData\Local\TempxT2044.html
C:\Users\kamil\AppData\Local\TempjX2044.html
C:\Users\kamil\AppData\Local\Templf4680.html
C:\Users\kamil\AppData\Local\Tempew4680.html
C:\Users\kamil\AppData\Local\TempWn1440.html
C:\Users\kamil\AppData\Local\TempuO1440.html
C:\Users\kamil\AppData\Local\TempSh2912.html
C:\Users\kamil\AppData\Local\Tempfg2912.html
C:\Users\kamil\AppData\Local\TempTN5868.html
C:\Users\kamil\AppData\Local\TempPQ5868.html
C:\Users\kamil\AppData\Local\TempCf1680.html
C:\Users\kamil\AppData\Local\TempfL1680.html
C:\Users\kamil\AppData\Local\TempuZ5516.html
C:\Users\kamil\AppData\Local\TempEY5516.html
C:\Users\kamil\AppData\Local\TempjB5988.html
C:\Users\kamil\AppData\Local\TempVS5988.html
C:\Users\kamil\AppData\Local\TemppO1912.html
C:\Users\kamil\AppData\Local\Tempyu5472.html
C:\Users\kamil\AppData\Local\TempxP5472.html
C:\Users\kamil\AppData\Local\Tempog4168.html
C:\Users\kamil\AppData\Local\Tempfj4168.html
C:\Users\kamil\AppData\Local\TempCp2036.html
C:\Users\kamil\AppData\Local\TempDw2036.html
C:\Users\kamil\AppData\Local\TempIw5672.html
C:\Users\kamil\AppData\Local\TempyC5672.html
C:\Users\kamil\AppData\Local\Tempgr2452.html
C:\Users\kamil\AppData\Local\TempLl4348.html
C:\Users\kamil\AppData\Local\TempPI4348.html
C:\Users\kamil\AppData\Local\TempXl1504.html
C:\Users\kamil\AppData\Local\TempsW1504.html
C:\Users\kamil\AppData\Local\Tempxs5152.html
C:\Users\kamil\AppData\Local\TempfD5152.html
C:\Users\kamil\AppData\Local\TempDq5844.html
C:\Users\kamil\AppData\Local\TempiZ5844.html
C:\Users\kamil\AppData\Local\TempLK5340.html
C:\Users\kamil\AppData\Local\TempZu5340.html
C:\Users\kamil\AppData\Local\Tempci5688.html
C:\Users\kamil\AppData\Local\TempOy5688.html
C:\Users\kamil\AppData\Local\TempdB1472.html
C:\Users\kamil\AppData\Local\TempBc1472.html
C:\Users\kamil\AppData\Local\TempLw5664.html
C:\Users\kamil\AppData\Local\Tempww4668.html
C:\Users\kamil\AppData\Local\TempDv4668.html
C:\Users\kamil\AppData\Local\Tempgt3568.html
C:\Users\kamil\AppData\Local\TempPT3568.html
C:\Users\kamil\AppData\Local\TempmK2360.html
C:\Users\kamil\AppData\Local\Tempki2360.html
C:\Users\kamil\AppData\Local\TempaO1444.html
C:\Users\kamil\AppData\Local\TempeW1444.html
C:\Users\kamil\AppData\Local\TempPq1360.html
C:\Users\kamil\AppData\Local\TempMK1360.html
C:\Users\kamil\AppData\Local\TempWd2240.html
C:\Users\kamil\AppData\Local\TempZy2240.html
C:\Users\kamil\AppData\Local\Tempza3228.html
C:\Users\kamil\AppData\Local\TemphE3228.html
C:\Users\kamil\AppData\Local\TempqhU600.html
C:\Users\kamil\AppData\Local\Temposg600.html
C:\Users\kamil\AppData\Local\TempwK2196.html
C:\Users\kamil\AppData\Local\Tempgq2196.html
C:\Users\kamil\AppData\Local\Tempwj3452.html
C:\Users\kamil\AppData\Local\TempeR3452.html
C:\Users\kamil\AppData\Local\Temprw5876.html
C:\Users\kamil\AppData\Local\TempRT5876.html
C:\Users\kamil\AppData\Local\TempgP2016.html
C:\Users\kamil\AppData\Local\Temptu2016.html
C:\Users\kamil\AppData\Local\Tempxo4312.html
C:\Users\kamil\AppData\Local\Tempkp4312.html
C:\Users\kamil\AppData\Local\TempJl1692.html
C:\Users\kamil\AppData\Local\TempWo1692.html
C:\Users\kamil\AppData\Local\TempPi2236.html
C:\Users\kamil\AppData\Local\TempnU2236.html
C:\Users\kamil\AppData\Local\Templa3964.html
C:\Users\kamil\AppData\Local\Tempho3964.html
C:\Users\kamil\AppData\Local\TempDU2316.html
C:\Users\kamil\AppData\Local\TempUc2316.html
C:\Users\kamil\AppData\Local\TempkXB696.html
C:\Users\kamil\AppData\Local\TempnTD696.html
C:\Users\kamil\AppData\Local\TempMp4320.html
C:\Users\kamil\AppData\Local\TempQq4320.html
C:\Users\kamil\AppData\Local\TemppH1316.html
C:\Users\kamil\AppData\Local\TempxH1316.html
C:\Windows\tasks\Install.job
C:\Users\kamil\AppData\Roaming\.#
C:\Users\kamil\AppData\Local\Temp\nodqq.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Klikasz run fix, komputer uruchamia się ponownie.


Wrzucasz log z usuwania oraz nowe logi OTL i RSIT.

  • Dobra wypowiedź 1
hyper1pl
komentarz
komentarz

[quote name='Tomek01' date='27 sierpień 2010 - 21:18' timestamp='1282940400' post='1078314']
Zastosuj Flash Disinfector, najlepiej z podpiętym pendrive'm czy innymi pamięciami USB.
[/quote]

Teraz już z ciekawości. Dlaczego?

log z usuwania
[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185[2010-04-27 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\DTToolbar@toolbarnet.com removed from extensions.enabledItems
Folder C:\Users\kamil\AppData\Roaming\mozilla\Firefox\Profiles\gmr2j1a9.default\extensions\toolbar@ask.com\ not found.
C:\Users\kamil\AppData\Roaming\Mozilla\FireFox\Profiles\gmr2j1a9.default\searchplugins\daemon-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-23042342-2651542211-2932212354-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-23042342-2651542211-2932212354-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-23042342-2651542211-2932212354-1003\Software\Microsoft\Windows\CurrentVersion\Run\\nod32 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3134885-9ae5-11df-9e14-001377f510d9}\ not found.
File F:\22yj2fy1.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3134885-9ae5-11df-9e14-001377f510d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3134885-9ae5-11df-9e14-001377f510d9}\ not found.
File F:\22yj2fy1.exe not found.
========== FILES ==========
File\Folder C:\Users\kamil\AppData\Local\AskToolbar not found.
C:\Users\kamil\AppData\Local\TempDDK968.html moved successfully.
File\Folder C:\Users\kamil\AppData\Local\Tempylo968.html not found.
C:\Users\kamil\AppData\Local\TempEP3404.html moved successfully.
C:\Users\kamil\AppData\Local\TempIy5004.html moved successfully.
C:\Users\kamil\AppData\Local\TempmT5472.html moved successfully.
C:\Users\kamil\AppData\Local\Tempdw4684.html moved successfully.
C:\Users\kamil\AppData\Local\TempzM4684.html moved successfully.
C:\Users\kamil\AppData\Local\TempWX1360.html moved successfully.
C:\Users\kamil\AppData\Local\TemplQ1032.html moved successfully.
C:\Users\kamil\AppData\Local\TempPx3640.html moved successfully.
C:\Users\kamil\AppData\Local\TemplL3640.html moved successfully.
C:\Users\kamil\AppData\Local\TempDx3124.html moved successfully.
C:\Users\kamil\AppData\Local\TempIh3124.html moved successfully.
C:\Users\kamil\AppData\Local\Tempez1412.html moved successfully.
C:\Users\kamil\AppData\Local\TempEs1412.html moved successfully.
C:\Users\kamil\AppData\Local\TempBW4588.html moved successfully.
C:\Users\kamil\AppData\Local\TempXp4588.html moved successfully.
C:\Users\kamil\AppData\Local\Tempah3576.html moved successfully.
C:\Users\kamil\AppData\Local\TemprQ3576.html moved successfully.
C:\Users\kamil\AppData\Local\TempbZ3836.html moved successfully.
C:\Users\kamil\AppData\Local\Tempyt3836.html moved successfully.
C:\Users\kamil\AppData\Local\TempoU4032.html moved successfully.
C:\Users\kamil\AppData\Local\TempAw4032.html moved successfully.
C:\Users\kamil\AppData\Local\TempAi4032.html moved successfully.
C:\Users\kamil\AppData\Local\TempzC3172.html moved successfully.
C:\Users\kamil\AppData\Local\TempMl3172.html moved successfully.
C:\Users\kamil\AppData\Local\TempFX1580.html moved successfully.
C:\Users\kamil\AppData\Local\TempXI1580.html moved successfully.
C:\Users\kamil\AppData\Local\TempUC1708.html moved successfully.
C:\Users\kamil\AppData\Local\Tempgn1708.html moved successfully.
C:\Users\kamil\AppData\Local\TemphL1708.html moved successfully.
C:\Users\kamil\AppData\Local\Tempzr2748.html moved successfully.
C:\Users\kamil\AppData\Local\Tempub2748.html moved successfully.
C:\Users\kamil\AppData\Local\TempCC1656.html moved successfully.
C:\Users\kamil\AppData\Local\TempCq1656.html moved successfully.
C:\Users\kamil\AppData\Local\Tempkl2268.html moved successfully.
C:\Users\kamil\AppData\Local\TempFV2268.html moved successfully.
C:\Users\kamil\AppData\Local\TempQN2172.html moved successfully.
C:\Users\kamil\AppData\Local\TempNT2172.html moved successfully.
C:\Users\kamil\AppData\Local\TempvU2172.html moved successfully.
C:\Users\kamil\AppData\Local\TempBo1592.html moved successfully.
C:\Users\kamil\AppData\Local\Temppx1592.html moved successfully.
C:\Users\kamil\AppData\Local\TempQP4392.html moved successfully.
C:\Users\kamil\AppData\Local\TempnR4392.html moved successfully.
C:\Users\kamil\AppData\Local\Tempwl4792.html moved successfully.
C:\Users\kamil\AppData\Local\TempxT2044.html moved successfully.
C:\Users\kamil\AppData\Local\TempjX2044.html moved successfully.
C:\Users\kamil\AppData\Local\Templf4680.html moved successfully.
C:\Users\kamil\AppData\Local\Tempew4680.html moved successfully.
C:\Users\kamil\AppData\Local\TempWn1440.html moved successfully.
C:\Users\kamil\AppData\Local\TempuO1440.html moved successfully.
C:\Users\kamil\AppData\Local\TempSh2912.html moved successfully.
C:\Users\kamil\AppData\Local\Tempfg2912.html moved successfully.
C:\Users\kamil\AppData\Local\TempTN5868.html moved successfully.
C:\Users\kamil\AppData\Local\TempPQ5868.html moved successfully.
C:\Users\kamil\AppData\Local\TempCf1680.html moved successfully.
C:\Users\kamil\AppData\Local\TempfL1680.html moved successfully.
C:\Users\kamil\AppData\Local\TempuZ5516.html moved successfully.
C:\Users\kamil\AppData\Local\TempEY5516.html moved successfully.
C:\Users\kamil\AppData\Local\TempjB5988.html moved successfully.
C:\Users\kamil\AppData\Local\TempVS5988.html moved successfully.
C:\Users\kamil\AppData\Local\TemppO1912.html moved successfully.
C:\Users\kamil\AppData\Local\Tempyu5472.html moved successfully.
C:\Users\kamil\AppData\Local\TempxP5472.html moved successfully.
C:\Users\kamil\AppData\Local\Tempog4168.html moved successfully.
C:\Users\kamil\AppData\Local\Tempfj4168.html moved successfully.
C:\Users\kamil\AppData\Local\TempCp2036.html moved successfully.
C:\Users\kamil\AppData\Local\TempDw2036.html moved successfully.
C:\Users\kamil\AppData\Local\TempIw5672.html moved successfully.
C:\Users\kamil\AppData\Local\TempyC5672.html moved successfully.
C:\Users\kamil\AppData\Local\Tempgr2452.html moved successfully.
C:\Users\kamil\AppData\Local\TempLl4348.html moved successfully.
C:\Users\kamil\AppData\Local\TempPI4348.html moved successfully.
C:\Users\kamil\AppData\Local\TempXl1504.html moved successfully.
C:\Users\kamil\AppData\Local\TempsW1504.html moved successfully.
C:\Users\kamil\AppData\Local\Tempxs5152.html moved successfully.
C:\Users\kamil\AppData\Local\TempfD5152.html moved successfully.
C:\Users\kamil\AppData\Local\TempDq5844.html moved successfully.
C:\Users\kamil\AppData\Local\TempiZ5844.html moved successfully.
C:\Users\kamil\AppData\Local\TempLK5340.html moved successfully.
C:\Users\kamil\AppData\Local\TempZu5340.html moved successfully.
C:\Users\kamil\AppData\Local\Tempci5688.html moved successfully.
C:\Users\kamil\AppData\Local\TempOy5688.html moved successfully.
C:\Users\kamil\AppData\Local\TempdB1472.html moved successfully.
C:\Users\kamil\AppData\Local\TempBc1472.html moved successfully.
C:\Users\kamil\AppData\Local\TempLw5664.html moved successfully.
C:\Users\kamil\AppData\Local\Tempww4668.html moved successfully.
C:\Users\kamil\AppData\Local\TempDv4668.html moved successfully.
C:\Users\kamil\AppData\Local\Tempgt3568.html moved successfully.
C:\Users\kamil\AppData\Local\TempPT3568.html moved successfully.
C:\Users\kamil\AppData\Local\TempmK2360.html moved successfully.
C:\Users\kamil\AppData\Local\Tempki2360.html moved successfully.
C:\Users\kamil\AppData\Local\TempaO1444.html moved successfully.
C:\Users\kamil\AppData\Local\TempeW1444.html moved successfully.
C:\Users\kamil\AppData\Local\TempPq1360.html moved successfully.
C:\Users\kamil\AppData\Local\TempMK1360.html moved successfully.
C:\Users\kamil\AppData\Local\TempWd2240.html moved successfully.
C:\Users\kamil\AppData\Local\TempZy2240.html moved successfully.
C:\Users\kamil\AppData\Local\Tempza3228.html moved successfully.
C:\Users\kamil\AppData\Local\TemphE3228.html moved successfully.
C:\Users\kamil\AppData\Local\TempqhU600.html moved successfully.
C:\Users\kamil\AppData\Local\Temposg600.html moved successfully.
C:\Users\kamil\AppData\Local\TempwK2196.html moved successfully.
C:\Users\kamil\AppData\Local\Tempgq2196.html moved successfully.
C:\Users\kamil\AppData\Local\Tempwj3452.html moved successfully.
C:\Users\kamil\AppData\Local\TempeR3452.html moved successfully.
C:\Users\kamil\AppData\Local\Temprw5876.html moved successfully.
C:\Users\kamil\AppData\Local\TempRT5876.html moved successfully.
C:\Users\kamil\AppData\Local\TempgP2016.html moved successfully.
C:\Users\kamil\AppData\Local\Temptu2016.html moved successfully.
C:\Users\kamil\AppData\Local\Tempxo4312.html moved successfully.
C:\Users\kamil\AppData\Local\Tempkp4312.html moved successfully.
C:\Users\kamil\AppData\Local\TempJl1692.html moved successfully.
C:\Users\kamil\AppData\Local\TempWo1692.html moved successfully.
C:\Users\kamil\AppData\Local\TempPi2236.html moved successfully.
C:\Users\kamil\AppData\Local\TempnU2236.html moved successfully.
C:\Users\kamil\AppData\Local\Templa3964.html moved successfully.
C:\Users\kamil\AppData\Local\Tempho3964.html moved successfully.
C:\Users\kamil\AppData\Local\TempDU2316.html moved successfully.
C:\Users\kamil\AppData\Local\TempUc2316.html moved successfully.
C:\Users\kamil\AppData\Local\TempkXB696.html moved successfully.
C:\Users\kamil\AppData\Local\TempnTD696.html moved successfully.
C:\Users\kamil\AppData\Local\TempMp4320.html moved successfully.
C:\Users\kamil\AppData\Local\TempQq4320.html moved successfully.
C:\Users\kamil\AppData\Local\TemppH1316.html moved successfully.
C:\Users\kamil\AppData\Local\TempxH1316.html moved successfully.
C:\Windows\tasks\Install.job moved successfully.
C:\Users\kamil\AppData\Roaming\.# folder moved successfully.
File\Folder C:\Users\kamil\AppData\Local\Temp\nodqq.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kamil
->Temp folder emptied: 247439083 bytes
->Temporary Internet Files folder emptied: 57976787 bytes
->Java cache emptied: 687615 bytes
->FireFox cache emptied: 85847995 bytes
->Google Chrome cache emptied: 6341013 bytes
->Flash cache emptied: 70824 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 792402892 bytes
RecycleBin emptied: 737 bytes

Total Files Cleaned = 1 136,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08282010_014823

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]

OTL
[log]netsvcs
msconfig
safebootminimal
safebootnetwork
%systemdrive%\*.*
/md5start
agp440.sys
atapi.sys
beep.sys
cdrom.sys
ndis.sys
winlogon.exe
eventlog.dll
/md5stop[/log]

[log]OTL Extras logfile created on: 2010-08-28 01:57:25 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\kamil\Documents\download
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 27,96 Gb Free Space | 40,50% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 8,78 Gb Free Space | 12,54% Space Free | Partition Type: NTFS
Drive E: | 416,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMIL-DOM
Current User Name: kamil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-23042342-2651542211-2932212354-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E7CC823-67DF-4023-B491-C097C162A31C}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F63EFE9-1FBC-467C-AED3-9038D02A67B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{63770BFE-ED81-429B-96C5-F8DDA432119A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7F8600B0-B9D7-4E8A-BDB3-8195D0CE0296}" = lport=138 | protocol=17 | dir=in | app=system |
"{84A8ACDD-AC65-4FAF-A279-B029F0AFCF82}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B0BB7F6-80B9-4DF1-A238-D46C64D74188}" = rport=138 | protocol=17 | dir=out | app=system |
"{90A14FA0-30DC-46B2-9722-427BDCAC6907}" = lport=139 | protocol=6 | dir=in | app=system |
"{9CC21560-7B15-4D44-97CA-70C7E421B3FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0CD9D42-A248-431B-9C54-39EACB788FB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDCA7BEC-289B-4C6E-8019-5404B674D3ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF585DB2-F59B-40B8-87D4-6DAEA8EBDFA1}" = rport=445 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0181D501-0AB2-4A74-9B1A-9FF49BB44583}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{03279F81-5F12-4DB0-8E8F-0B8C20495C1D}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{0A5CCF83-E8E3-4E9C-BD3C-C2F33210947A}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{0CB4F52E-99EE-46E0-8F91-3083829FA1C7}" = protocol=6 | dir=in | app=d:\gry\bitwa o śródziemie\game.dat |
"{21DBA5F2-D64B-4C9D-9B4F-60BCD9E28B90}" = protocol=17 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{2467551C-7C83-4DEF-85E9-CFD85238D7FB}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{24F2CAB8-9A99-4355-8A67-C50E39EF4E94}" = protocol=6 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{2C7AC75B-5BEA-4BC6-B993-6091C7F2757D}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2main.exe |
"{2D4543C6-3D19-4103-BA08-CC609F74AB4C}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2editor.exe |
"{2E074510-7277-448B-8EA6-C51A118A75CF}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2main_amdxp.exe |
"{2F2A37EF-1038-448C-9CB4-E7DC634322B8}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2launcher.exe |
"{371B1AE5-DB60-401F-B72E-50BCFAD6391F}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{3E3E907F-825E-44BA-9983-44DECD2B8DBA}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2server.exe |
"{45263860-59F6-452D-88DA-42DE6B20E559}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{45E21BF7-A367-4185-9184-FCED477BE90D}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\farcry2.exe |
"{48905CAF-416F-45DE-AE8C-D530120A7C97}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2server.exe |
"{5B9407A0-28A5-40DD-AE59-A3682B8AA93C}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwn2main_amdxp.exe |
"{5DBA5E8E-0A10-4D20-A790-6B13B49E9CF7}" = protocol=17 | dir=in | app=d:\gry\steam\steam.exe |
"{6291B4E1-DC5B-44EB-94AE-02ABC7E2EE0B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{62C95CE5-A8A5-44CF-8D22-93507C352542}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{66236857-667E-44B5-876E-BF7B71B8492F}" = protocol=6 | dir=in | app=d:\gry\steam\steam.exe |
"{6C7657B3-185F-4A92-B4DE-8B0CB24FB694}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{78737741-9D19-4BAE-A65D-E2358B39EA26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8098A976-B884-4597-89DB-4259AD1B9967}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8260E1F9-1531-4AC4-96E0-50EFFDF6292D}" = protocol=17 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"{908D642A-230B-4B33-9F55-DB89794C7AAA}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwn2main.exe |
"{91C1A158-AD80-42FB-AD47-CE3DCA15F91D}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2editor.exe |
"{93ECE2A4-A0EA-4466-8B47-29AE9E08CDAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AEE12F3A-308C-4FE5-8125-82E3C35A1705}" = protocol=17 | dir=in | app=d:\gry\nvn2\nwupdate.exe |
"{B0C40A01-D221-4196-9149-45C0201C2B9E}" = protocol=6 | dir=in | app=d:\gry\nvn2\nwupdate.exe |
"{B1A58899-0ED4-4AC4-A95B-B1D84C63D937}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2E905EE-FFDA-4D89-A34F-E2DA465A029B}" = protocol=6 | dir=in | app=d:\gry\far cry2\far cry 2\bin\fc2launcher.exe |
"{BE56C866-B359-470C-9694-ADBC2C873212}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{CA258FF5-ED95-4DF2-9455-480FFA0E1169}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC4D6F54-E850-49AA-8603-BC59E807481B}" = protocol=17 | dir=in | app=d:\gry\bitwa o śródziemie\game.dat |
"{CCF1F04F-0E00-42FE-9BE8-ADDA7EC798F8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D3437876-83C3-4008-A7E0-587D0C187A35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E8FB2136-D53A-4463-938E-7DCFF2BA1E21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EBA2273C-ED57-4D8C-B171-B02F5408B24D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{ED840BBA-2C36-4525-8108-669551CD368E}" = protocol=17 | dir=in | app=d:\gry\far cry2\far cry 2\bin\farcry2.exe |
"{F41D6D52-2075-42F3-9A9C-A48A84B3B174}" = protocol=6 | dir=in | app=d:\gry\steam\steamapps\hyper1pl\counter-strike\hl.exe |
"TCP Query User{15BAD523-BABE-482C-86E0-7FC354A0DCD4}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"TCP Query User{22A52C38-1EBD-4A34-83B4-897217788B32}D:\gry\puzzle quest\puzzle quest.exe" = protocol=6 | dir=in | app=d:\gry\puzzle quest\puzzle quest.exe |
"TCP Query User{248EA3D1-E41F-4F89-BF3B-94A23D76A6F4}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"TCP Query User{3615DAC5-6A82-4855-B75B-BE477DC2604A}D:\gry\baboviolent 2\bv2.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"TCP Query User{5E4EB950-208A-4163-9DB1-501C64044FCD}D:\gry\metin priv\mcmetinpro.exe" = protocol=6 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"TCP Query User{791A6F76-2C7A-4DDC-9E37-48933972DEB0}D:\gry\evil islands\game.exe" = protocol=6 | dir=in | app=d:\gry\evil islands\game.exe |
"TCP Query User{B3E2C763-F1C7-4D5F-AE64-51813CE7FB4F}D:\gry\baboviolent 2\bv2.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"TCP Query User{C7DD2C2C-1507-4FC0-A4E9-242DA0AE3BFC}D:\gry\evil islands\game.exe" = protocol=6 | dir=in | app=d:\gry\evil islands\game.exe |
"TCP Query User{C88AC836-914B-487D-BC83-B9C3870C51CD}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{CB6257FE-7E86-4881-BC48-E56866F1AC4E}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"TCP Query User{CB9A6DBF-34B9-4C8C-9192-02E495980561}D:\gry\metin priv\mcmetinpro.exe" = protocol=6 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"TCP Query User{D12ED84E-A828-4F71-9257-00E39EC958C4}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"TCP Query User{D3D1329C-9AAB-4F9A-A754-A30374230087}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{EC02B774-4031-4F48-8E07-1AA930D12FBB}D:\gry\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\gry\tmnationsforever\tmforever.exe |
"TCP Query User{ECA9F7DF-FCFF-454B-8E0B-8D3F1BEDE6CD}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"TCP Query User{FB8C8DA7-7078-412B-9B99-66B547E859D2}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=6 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"TCP Query User{FCED68DF-798E-49FC-91A3-C03BD19E11E5}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{108A7D64-FA61-4015-852D-FA6ACCCF1507}D:\gry\evil islands\game.exe" = protocol=17 | dir=in | app=d:\gry\evil islands\game.exe |
"UDP Query User{1E7BB258-9CF7-4BD1-B38C-A2B520434C57}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{3409B93B-A763-4459-86DF-1171A5BE4A6F}D:\gry\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\gry\tmnationsforever\tmforever.exe |
"UDP Query User{40A0D05A-539C-4F75-A0B2-D45F235E1AF5}D:\gry\baboviolent 2\bv2.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"UDP Query User{60176350-23D1-4897-AE53-E594053EE9B1}D:\gry\baboviolent 2\bv2.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2.exe |
"UDP Query User{6283023B-B287-498B-B539-7215D316C4F7}D:\gry\metin priv\mcmetinpro.exe" = protocol=17 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"UDP Query User{64A17349-B903-40CA-937B-7E4915F4CE70}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{74055167-4664-4A1A-AE27-881BBC91C4CC}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |
"UDP Query User{7F7D4B8B-3082-4D60-B5C2-D8FBFFD16DFA}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"UDP Query User{984DAE58-AAF6-4D29-AEB0-05A5A4428A42}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{A92A64BC-A28A-4DB0-B814-C009560DB30B}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"UDP Query User{AB0B3906-304A-4057-930A-9CCAA73BD308}C:\users\kamil\desktop\metin 2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2client.bin |
"UDP Query User{B58B9CD4-BF3B-4B40-B648-F65E452B7187}D:\gry\evil islands\game.exe" = protocol=17 | dir=in | app=d:\gry\evil islands\game.exe |
"UDP Query User{C39B02C7-13D9-4FEE-A4D2-4AEC0B3B56D3}D:\gry\metin priv\mcmetinpro.exe" = protocol=17 | dir=in | app=d:\gry\metin priv\mcmetinpro.exe |
"UDP Query User{D096DDFD-B8DB-4FCB-B421-C08BC7CEC544}D:\gry\baboviolent 2\bv2 proclient\bv2p.exe" = protocol=17 | dir=in | app=d:\gry\baboviolent 2\bv2 proclient\bv2p.exe |
"UDP Query User{E3B0EEDC-7D06-4805-803F-E906837B7CEA}D:\gry\puzzle quest\puzzle quest.exe" = protocol=17 | dir=in | app=d:\gry\puzzle quest\puzzle quest.exe |
"UDP Query User{E660E2EE-B5EE-4DCC-BD53-2A718D4B7540}C:\users\kamil\desktop\metin 2\metin2.bin" = protocol=17 | dir=in | app=c:\users\kamil\desktop\metin 2\metin2.bin |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{1021878C-B14A-4A55-9D6E-E0603455C2F4}_is1" = BV2 ProClient 2.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{385FB7F2-C398-4A91-93DE-188977864AB0}" = ZMU2010SMALL R3
"{3C2F83D3-3F75-4920-8E23-23A9FBADB35D}" = Microsoft Antimalware Service PL-PL Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ac40384-37ba-421c-b14c-2ecbe4403817}" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88C68165-3C92-11D5-B95D-00E07D97B508}" = Evil Islands
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1045-7B44-A80000000000}" = Adobe Reader 8 - Polish
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin Edycja Rozszerzona
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"A-Mind" = Absolute Mastermind v1.4
"AP Tuner 3.08" = AP Tuner 3.08
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"Business Contact Manager" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"Critical Damage_is1" = Critical Damage
"Diablo II" = Diablo II
"FarmingSimulator2009PL_is1" = Symulator-Farmy 2009
"FastStone Photo Resizer" = FastStone Photo Resizer 2.5
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"ipla" = ipla 2.1.2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"Niezbędnik CD_is1" = Niezbędnik CD
"NVIDIA Drivers" = NVIDIA Drivers
"Odyssee" = Odyseja
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"PuzzleQuest_is1" = Puzzle Quest
"RealAlt_is1" = Real Alternative 2.0.2
"Septerra Core PL" = Septerra Core PL
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.10

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-08-12 06:33:08 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-12 15:29:43 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-13 05:59:16 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-13 08:10:40 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 03:19:36 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 03:46:26 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 08:10:17 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-14 16:11:42 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-15 04:57:08 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-15 09:59:11 | Computer Name = Kamil-dom | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2010-08-01 17:41:27 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:41:27 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:43:28 | Computer Name = Kamil-dom | Source = HTTP | ID = 15016
Description =

Error - 2010-08-01 17:44:22 | Computer Name = Kamil-dom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2010-08-01 17:45:04 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-01 17:45:04 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-02 05:00:59 | Computer Name = Kamil-dom | Source = HTTP | ID = 15016
Description =

Error - 2010-08-02 05:01:51 | Computer Name = Kamil-dom | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 2010-08-02 05:02:34 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-08-02 05:02:34 | Computer Name = Kamil-dom | Source = Service Control Manager | ID = 7000
Description =


< End of report >
[/log]

RSIT

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by kamil at 2010-08-28 02:08:54
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 29 GB (41%) free of 71 GB
Total RAM: 2042 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:09:10, on 2010-08-28
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\kamil\Documents\download\OTL.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Users\kamil\Documents\download\RSIT.exe
C:\Program Files\trend micro\kamil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=CriticalDamage&utm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Steam] "D:\Gry\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6281 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{3982A897-C764-48B3-90D3-5CE2FC2D8A19}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-10 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Gry\Steam\Steam.exe [2010-08-24 1242448]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
C:\Program Files\Gadu-Gadu 10\gg.exe [2010-07-22 12477024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2010-02-02 14252952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-22 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0xFFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-28 01:48:23 ----D---- C:\_OTL
2010-08-28 01:44:42 ----RASHD---- C:\autorun.inf
2010-08-27 21:57:41 ----D---- C:\Program Files\trend micro
2010-08-27 21:57:38 ----D---- C:\rsit
2010-08-19 19:55:18 ----D---- C:\Program Files\IrfanView
2010-08-19 19:40:39 ----D---- C:\Users\kamil\AppData\Roaming\FastStone
2010-08-19 19:40:30 ----D---- C:\Program Files\FastStone Photo Resizer
2010-08-19 14:01:51 ----D---- C:\Program Files\Common Files\Skype
2010-08-18 10:54:00 ----D---- C:\Users\kamil\AppData\Roaming\gtk-2.0
2010-08-18 09:44:48 ----D---- C:\Program Files\GIMP-2.0
2010-08-17 21:55:00 ----RD---- C:\Program Files\Skype
2010-08-17 21:37:55 ----D---- C:\Program Files\Google
2010-08-17 13:20:28 ----A---- C:\Windows\Uninstall Jade Empire.exe
2010-08-11 13:16:18 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 13:16:11 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 13:16:04 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 13:16:04 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-11 13:16:01 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 13:16:01 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-11 13:15:59 ----A---- C:\Windows\system32\ieaksie.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\occache.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\ieencode.dll
2010-08-11 13:15:58 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 13:15:53 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 13:15:51 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 13:15:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 13:15:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 13:15:43 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 13:15:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 13:15:40 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 13:15:37 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-04 14:10:05 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-08-04 14:10:05 ----A---- C:\Windows\system32\PresentationHost.exe
2010-08-04 14:10:05 ----A---- C:\Windows\system32\netfxperf.dll
2010-08-04 14:10:05 ----A---- C:\Windows\system32\mscoree.dll
2010-08-04 14:10:04 ----A---- C:\Windows\system32\dfshim.dll
2010-08-04 14:06:27 ----D---- C:\Windows\SQL9_KB970892_ENU
2010-08-03 14:25:29 ----A---- C:\Windows\system32\winhttp.dll
2010-08-03 14:25:19 ----A---- C:\Windows\system32\drivers\http.sys
2010-08-03 14:25:18 ----A---- C:\Windows\system32\nshhttp.dll
2010-08-03 14:25:18 ----A---- C:\Windows\system32\httpapi.dll
2010-08-03 14:24:52 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 11:47:12 ----A---- C:\Windows\system32\browserchoice.exe
2010-08-02 11:20:49 ----A---- C:\Windows\system32\infocardapi.dll
2010-08-02 11:20:48 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-02 11:20:46 ----A---- C:\Windows\system32\icardagt.exe
2010-08-02 11:20:45 ----A---- C:\Windows\system32\icardres.dll
2010-08-02 11:20:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-08-02 11:11:08 ----A---- C:\Windows\system32\mscorier.dll
2010-08-02 11:10:44 ----A---- C:\Windows\system32\mscories.dll
2010-08-01 12:29:05 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-08-01 12:29:00 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-08-01 12:28:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-08-01 11:40:03 ----A---- C:\Windows\system32\t2embed.dll
2010-08-01 11:39:59 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-08-01 11:39:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-01 11:39:51 ----A---- C:\Windows\system32\msxml6.dll
2010-08-01 11:39:46 ----A---- C:\Windows\system32\wlanmsm.dll
2010-08-01 11:39:46 ----A---- C:\Windows\system32\L2SecHC.dll
2010-08-01 11:39:45 ----A---- C:\Windows\system32\wlansvc.dll
2010-08-01 11:39:45 ----A---- C:\Windows\system32\wlansec.dll
2010-08-01 11:39:30 ----A---- C:\Windows\system32\netiohlp.dll
2010-08-01 11:39:29 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\MRINFO.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-08-01 11:39:28 ----A---- C:\Windows\system32\finger.exe
2010-08-01 11:39:28 ----A---- C:\Windows\system32\ARP.EXE
2010-08-01 11:39:27 ----A---- C:\Windows\system32\ROUTE.EXE
2010-08-01 11:39:26 ----A---- C:\Windows\system32\netevent.dll
2010-08-01 11:38:44 ----A---- C:\Windows\system32\msv1_0.dll
2010-08-01 11:38:37 ----A---- C:\Windows\system32\inetcomm.dll
2010-08-01 11:38:33 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-08-01 11:38:32 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-08-01 11:38:32 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-08-01 11:38:26 ----A---- C:\Windows\system32\pacerprf.dll
2010-08-01 11:38:26 ----A---- C:\Windows\system32\drivers\pacer.sys
2010-08-01 11:38:21 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-08-01 11:38:19 ----A---- C:\Windows\system32\mf.dll
2010-08-01 11:37:54 ----A---- C:\Windows\system32\asycfilt.dll
2010-08-01 11:37:52 ----A---- C:\Windows\system32\vbscript.dll
2010-08-01 11:37:50 ----A---- C:\Windows\system32\atl.dll
2010-08-01 11:37:48 ----A---- C:\Windows\system32\gdi32.dll
2010-08-01 11:37:39 ----A---- C:\Windows\system32\tzres.dll
2010-08-01 11:37:18 ----A---- C:\Windows\system32\xolehlp.dll
2010-08-01 11:37:18 ----A---- C:\Windows\system32\msdtcprx.dll
2010-08-01 11:37:16 ----A---- C:\Windows\system32\es.dll
2010-08-01 11:37:12 ----A---- C:\Windows\system32\mstscax.dll
2010-08-01 11:37:09 ----A---- C:\Windows\system32\wkssvc.dll
2010-08-01 11:37:07 ----A---- C:\Windows\system32\wmpeffects.dll
2010-08-01 11:37:03 ----A---- C:\Windows\system32\netapi32.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\fontsub.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\dciman32.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\atmlib.dll
2010-08-01 11:37:01 ----A---- C:\Windows\system32\atmfd.dll
2010-08-01 11:36:30 ----A---- C:\Windows\system32\localspl.dll
2010-08-01 11:36:27 ----A---- C:\Windows\explorer.exe
2010-08-01 11:36:23 ----A---- C:\Windows\system32\kerberos.dll
2010-08-01 11:36:22 ----A---- C:\Windows\system32\wdigest.dll
2010-08-01 11:36:21 ----A---- C:\Windows\system32\lsasrv.dll
2010-08-01 11:36:21 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2010-08-01 11:36:20 ----A---- C:\Windows\system32\secur32.dll
2010-08-01 11:36:20 ----A---- C:\Windows\system32\lsass.exe
2010-08-01 11:36:05 ----A---- C:\Windows\system32\rpcss.dll
2010-08-01 11:36:03 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-08-01 11:36:01 ----A---- C:\Windows\system32\sdohlp.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\iasrecst.dll
2010-08-01 11:36:01 ----A---- C:\Windows\system32\iasdatastore.dll
2010-08-01 11:36:00 ----A---- C:\Windows\system32\iashost.exe
2010-08-01 11:36:00 ----A---- C:\Windows\system32\iasads.dll
2010-08-01 11:35:51 ----A---- C:\Windows\system32\jscript.dll
2010-08-01 11:35:45 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-08-01 11:35:45 ----A---- C:\Windows\system32\drivers\tunnel.sys
2010-08-01 11:35:28 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-01 11:35:20 ----A---- C:\Windows\system32\quartz.dll
2010-08-01 11:35:12 ----A---- C:\Windows\system32\kernel32.dll
2010-08-01 11:35:11 ----A---- C:\Windows\system32\apilogen.dll
2010-08-01 11:35:11 ----A---- C:\Windows\system32\amxread.dll
2010-08-01 11:35:07 ----A---- C:\Windows\system32\win32spl.dll
2010-08-01 11:35:05 ----A---- C:\Windows\system32\emdmgmt.dll
2010-08-01 11:35:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-01 11:35:04 ----A---- C:\Windows\system32\dataclen.dll
2010-08-01 11:35:04 ----A---- C:\Windows\system32\cdd.dll
2010-08-01 11:35:01 ----A---- C:\Windows\system32\drivers\rmcast.sys
2010-08-01 11:34:53 ----A---- C:\Windows\system32\wmp.dll
2010-08-01 11:34:51 ----A---- C:\Windows\system32\wmpdxm.dll
2010-08-01 11:34:49 ----A---- C:\Windows\system32\spwmp.dll
2010-08-01 11:34:48 ----A---- C:\Windows\system32\dxmasf.dll
2010-08-01 11:34:47 ----A---- C:\Windows\system32\wmploc.DLL
2010-08-01 11:34:37 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-08-01 11:34:36 ----A---- C:\Windows\system32\logagent.exe
2010-08-01 11:34:33 ----A---- C:\Windows\system32\wshext.dll
2010-08-01 11:34:33 ----A---- C:\Windows\system32\wscript.exe
2010-08-01 11:34:32 ----A---- C:\Windows\system32\scrrun.dll
2010-08-01 11:34:32 ----A---- C:\Windows\system32\scrobj.dll
2010-08-01 11:34:32 ----A---- C:\Windows\system32\cscript.exe
2010-08-01 11:34:29 ----A---- C:\Windows\system32\msasn1.dll
2010-08-01 11:34:17 ----A---- C:\Windows\system32\rpcrt4.dll
2010-08-01 11:34:13 ----A---- C:\Windows\system32\rastls.dll
2010-08-01 11:34:13 ----A---- C:\Windows\system32\raschap.dll
2010-08-01 11:34:09 ----A---- C:\Windows\system32\WSDApi.dll
2010-08-01 11:34:00 ----A---- C:\Windows\system32\msvidc32.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\tsbyuv.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\msyuv.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\msrle32.dll
2010-08-01 11:33:59 ----A---- C:\Windows\system32\iyuv_32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\mciavi32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\avifil32.dll
2010-08-01 11:33:58 ----A---- C:\Windows\system32\avicap32.dll
2010-08-01 11:33:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-08-01 11:29:44 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-08-01 10:57:06 ----A---- C:\Windows\system32\wintrust.dll
2010-08-01 10:57:00 ----A---- C:\Windows\system32\cabview.dll
2010-08-01 10:52:31 ----N---- C:\Windows\system32\MpSigStub.exe
2010-08-01 10:40:25 ----A---- C:\Windows\system32\wups2.dll
2010-08-01 10:40:25 ----A---- C:\Windows\system32\wuauclt.exe
2010-08-01 10:40:24 ----A---- C:\Windows\system32\wucltux.dll
2010-08-01 10:40:24 ----A---- C:\Windows\system32\wuaueng.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wups.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wudriver.dll
2010-08-01 10:40:09 ----A---- C:\Windows\system32\wuapi.dll
2010-08-01 10:40:00 ----A---- C:\Windows\system32\wuwebv.dll
2010-08-01 10:40:00 ----A---- C:\Windows\system32\wuapp.exe
2010-08-01 10:39:11 ----D---- C:\Program Files\Microsoft Security Essentials
2010-07-31 21:14:02 ----D---- C:\Program Files\MSN Messenger
2010-07-30 13:30:43 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-30 09:00:54 ----D---- C:\Program Files\uTorrent
2010-07-30 08:59:55 ----D---- C:\Users\kamil\AppData\Roaming\uTorrent

======List of files/folders modified in the last 1 months======

2010-08-28 02:08:49 ----D---- C:\Windows\Temp
2010-08-28 02:05:38 ----SHD---- C:\System Volume Information
2010-08-28 01:49:41 ----D---- C:\Windows
2010-08-28 01:48:36 ----D---- C:\Windows\Tasks
2010-08-28 01:48:25 ----D---- C:\Users\kamil\AppData\Roaming\Skype
2010-08-28 01:40:43 ----RD---- C:\Program Files
2010-08-28 01:39:26 ----SHD---- C:\Windows\Installer
2010-08-28 00:03:05 ----D---- C:\Users\kamil\AppData\Roaming\skypePM
2010-08-25 13:37:04 ----D---- C:\Program Files\Common Files\Steam
2010-08-24 13:14:28 ----RSD---- C:\Windows\assembly
2010-08-24 12:41:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-19 14:02:01 ----D---- C:\Windows\system32\Tasks
2010-08-19 14:01:51 ----D---- C:\Program Files\Common Files
2010-08-19 14:01:44 ----D---- C:\ProgramData\Skype
2010-08-19 12:04:23 ----D---- C:\Windows\Prefetch
2010-08-18 00:46:05 ----SD---- C:\Users\kamil\AppData\Roaming\Microsoft
2010-08-17 23:37:25 ----D---- C:\Windows\System32
2010-08-17 23:37:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-17 23:37:24 ----D---- C:\Windows\inf
2010-08-16 09:09:34 ----D---- C:\Windows\system32\catroot2
2010-08-12 21:34:49 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:52:57 ----D---- C:\Program Files\Internet Explorer
2010-08-12 12:52:54 ----D---- C:\Program Files\Movie Maker
2010-08-12 12:52:52 ----D---- C:\Windows\system32\drivers
2010-08-12 12:47:10 ----D---- C:\Windows\winsxs
2010-08-12 12:42:25 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 12:40:00 ----D---- C:\Windows\system32\catroot
2010-08-08 23:35:13 ----D---- C:\Windows\system32\WDI
2010-08-04 15:00:32 ----D---- C:\Windows\rescache
2010-08-04 14:36:46 ----D---- C:\Windows\system32\wbem
2010-08-04 14:36:45 ----D---- C:\Windows\system32\pl-PL
2010-08-04 14:36:45 ----D---- C:\Windows\system32\drivers\pl-PL
2010-08-04 14:07:14 ----D---- C:\Program Files\Microsoft SQL Server
2010-08-02 12:44:47 ----D---- C:\Program Files\Windows Mail
2010-08-02 12:44:40 ----D---- C:\Windows\system32\manifeststore
2010-08-02 12:44:40 ----D---- C:\Windows\AppPatch
2010-08-02 12:44:39 ----D---- C:\Program Files\Windows Media Player
2010-08-02 12:44:35 ----D---- C:\Windows\system32\XPSViewer
2010-08-02 12:44:35 ----D---- C:\Windows\system32\en-US
2010-08-02 11:44:00 ----RSD---- C:\Windows\Fonts
2010-08-02 11:43:51 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-02 11:43:26 ----D---- C:\Program Files\Microsoft Works
2010-08-02 11:41:45 ----A---- C:\Windows\win.ini
2010-08-02 11:36:21 ----D---- C:\Windows\Registration
2010-08-02 11:07:10 ----D---- C:\Windows\SoftwareDistribution
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntfNT.dll
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntf32.dll
2010-08-01 11:55:12 ----AT---- C:\Windows\system32\SIntf16.dll
2010-08-01 10:39:26 ----SD---- C:\ProgramData\Microsoft
2010-08-01 10:33:44 ----HD---- C:\ProgramData
2010-08-01 09:34:23 ----D---- C:\Users\kamil\AppData\Roaming\Gadu-Gadu 10

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-06-16 318488]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-27 691696]
R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox.sys [2009-04-06 704384]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-02-10 307224]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\Windows\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Urz1dzenie dYwiekowe Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LLRING0;LLRING0; \??\D:\Gry\Zypher\zhypermu small r3\MuGuard\llck2.sys [2010-07-22 5120]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 BcmSqlStartupSvc;Usługa startowa serwera SQL dodatku Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-25 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-31 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-05-31 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-02 3594440]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-24 407336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
[/log]

Chcę dodać też, od razu po wykasowaniu DT i przeprowadzeniu operacji, które poleciłeś komputer zrestartował się błyskawicznie. Zawsze wyłączał się w przeciągu 30 min, teraz jest to jakieś 20 sekund. Dziękuje serdecznie za pomoc, mam nadzieję, że teraz jest wszystko w porządku :)

Tomek01
komentarz
komentarz

Dlatego, że jest infekcja z mediów przenośnych.


Teraz jest ok. W OTL zastosuj opcję Clean Up.

hyper1pl
komentarz
komentarz

Dziękuję bardzo za pomoc :) Już myślałem, że będę musiał znów zrobić format. Dzięki wielkie jeszcze raz

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.