
Windows 7 error

Hanulec
created

Lately, after Windows 7 starts up, I get this error: "wystąpił błąd podczas uruchamiania pliku winghk32.rom" (an error occurred while starting the file winghk32.rom). Does anyone know what this is about and what can be done about it?

Tomek01
comment

Probably a virus.

Post the OTL and RSIT logs, putting them in tags: http://www.forumpc.pl/index.php?showtopic=168048

Hanulec
comment

[log]info.txt logfile of random's system information tool 1.08 2010-09-03 12:49:32

======Uninstall list======

-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge CS3-->MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0-->MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files (x86)\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x15
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Anno 1404 v1.0 Eng-->"D:\Gry zainstalowane\Anno 1404\Uninstall\unins000.exe"
Ant Renamer-->"C:\Program Files (x86)\Ant Renamer\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Emergency 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}\Setup.exe" -l0x40c
Euro Truck Simulator-->D:\Gry zainstalowane\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
Far Cry Delta Sector-->"D:\Gry zainstalowane\Far Cry Delta Sector\unins000.exe"
Feuerwehr-Simulator 2010-->"D:\Gry zainstalowane\Uninstall.exe"
Google Earth Plug-in-->MsiExec.exe /X{8F04AE70-9C11-11DF-8F84-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Instalacja spolszczenia do Adobe Flash CS4 2.1-->C:\Program Files\Adobe\Adobe Flash CS4\Uninstall.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
livebox tp-->C:\Program Files (x86)\InstallShield Installation Information\{AB3F9176-E74A-4F28-9A09-4F22349B145E}\setup.exe -runfromtemp -l0x0015 -removeonly
MacroKey Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{66A4349A-AA55-43E5-A781-62867A701A90} /l1033
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->D:\Programy zainstalowane\firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
OF Dragon Rising-->"C:\Program Files (x86)\InstallShield Installation Information\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}\setup.exe" -runfromtemp -l0x0015 -removeonly
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Real Alternative 1.23-->"D:\Programy zainstalowane\Real Alternative\unins000.exe"
Ship Simulator 2008-->"D:\Gry zainstalowane\ShipSim2008\Uninstall.exe"
Ship Simulator Extremes-->"D:\Gry zainstalowane\Ship Simulator Extremes\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
The Settlers 7 - Droga do królestwa-->"C:\Program Files (x86)\InstallShield Installation Information\{9C916142-C18C-429D-BFED-40094A7E0BEB}\setup.exe" -runfromtemp -l0x0015 -removeonly
Total Commander (Remove or Repair)-->D:\Programy zainstalowane\totalcmd\tcuninst.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraISO Premium V8.6-->"D:\Programy zainstalowane\UltraISO\unins000.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wondershare Flash Gallery Factory 4.8.2.7-->"D:\Programy zainstalowane\Flash Gallery Factory\unins000.exe"

======Hosts File======

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 activate.adobe.com
127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com

======System event log======

Computer Name: Jarek-Komputer
Event Code: 7036
Message: Usługa Publikacja zasobów odnajdowania funkcji weszła w stan uruchomienia.
Record Number: 26611
Source Name: Service Control Manager
Time Written: 20100316124859.818857-000
Event Type: Informacje
User:

Computer Name: Jarek-Komputer
Event Code: 7036
Message: Usługa Host dostawcy odnajdowania funkcji weszła w stan uruchomienia.
Record Number: 26610
Source Name: Service Control Manager
Time Written: 20100316124859.662857-000
Event Type: Informacje
User:

Computer Name: Jarek-Komputer
Event Code: 7036
Message: Usługa Windows Search weszła w stan uruchomienia.
Record Number: 26609
Source Name: Service Control Manager
Time Written: 20100316124859.600457-000
Event Type: Informacje
User:

Computer Name: Jarek-Komputer
Event Code: 14206
Message: Serwer multimediów „JAREK-KOMPUTER: Jarek:” został zainicjowany pomyślnie i udostępnia multimedia urządzeniom multimediów sieciowych.
Record Number: 26608
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20100316124900.000000-000
Event Type: Informacje
User:

Computer Name: Jarek-Komputer
Event Code: 7036
Message: Usługa Host urządzenia UPnP weszła w stan uruchomienia.
Record Number: 26607
Source Name: Service Control Manager
Time Written: 20100316124859.272856-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message:

Sprawdzanie systemu plików na D:
Typ systemu plików to NTFS.


Jeden z dysków wymaga sprawdzenia spójnosci danych. Mozesz
anulowac to sprawdzenie, ale zaleca sie jego kontynuowanie.
System Windows sprawdzi teraz dysk.

CHKDSK sprawdza pliki (poziom 1 z 3)
Przetworzone rekordy plików: 106992.

Ukonczono sprawdzanie plików.
Przetworzone rekordy duzych plików: 226.

Przetworzone rekordy uszkodzonych plików: 0.

Przetworzone rekordy atrybutów rozszerzonych: 0.

Przetworzone rekordy ponownej analizy: 0.

CHKDSK sprawdza indeksy (poziom 2 z 3)
Przetworzone wpisy indeksu: 108876.

Ukonczono weryfikacje indeksów.
Przeskanowane pliki nieindeksowane: 0.

Odzyskane pliki nieindeksowane: 0.

CHKDSK sprawdza deskryptory zabezpieczen (poziom 3 z 3)
Przetworzone deskryptory zabezpieczen/identyfikatory plików: 106992.

Ukonczono sprawdzanie deskryptorów zabezpieczen.
Przetworzone pliki danych: 942.

System Windows sprawdzil system plików i nie znalazl zadnych problemów.

205768520 KB calkowitego miejsca na dysku.
14002244 KB w 51932 plikach.
15752 KB w 944 indeksach.
0 KB w uszkodzonych sektorach.
179264 KB uzywanych przez system.
65536 KB zajetych przez plik dziennika.
191571260 KB dostepnych na dysku.

4096 bajtów w kazdej jednostce alokacji.
51442130 ogólem jednostek alokacji na dysku.
47892815 jednostek alokacji dostepnych na dysku.

Informacje wewnetrzne:
f0 a1 01 00 97 ce 00 00 a3 0e 01 00 00 00 00 00 ................
5b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Record Number: 5
Source Name: Microsoft-Windows-Wininit
Time Written: 20091109141429.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20091109141426.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20091109141422.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091109141418.164436-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091109141418.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Jarek-Komputer
Event Code: 4647
Message: Użytkownik zainicjował wylogowanie:

Podmiot:
Identyfikator zabezpieczeń: S-1-5-21-1088379616-2378706270-139417566-1000
Nazwa konta: Jarek
Domena konta: Jarek-Komputer
Identyfikator logowania: 0x19da5

To zdarzenie jest generowane, gdy zostanie zainicjowane wylogowanie. Nie mogą wystąpić dalsze działania inicjowane przez użytkownika. To zdarzenie można interpretować jako zdarzenie wylogowania.
Record Number: 19961
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100502175106.976824-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Jarek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x211f76

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 19960
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100502174830.235405-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Jarek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x211f65

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 19959
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100502174830.229405-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Jarek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-21-1088379616-2378706270-139417566-1003
Nazwa konta: HomeGroupUser$
Domena konta: Jarek-Komputer
Identyfikator logowania: 0x1dfcb0

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 19958
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100502174830.222405-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Jarek-Komputer
Event Code: 5061
Message: Operacja kryptograficzna.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-19
Nazwa konta: USŁUGA LOKALNA
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e5

Parametry funkcji kryptograficznej:
Nazwa dostawcy: Microsoft Software Key Storage Provider
Nazwa algorytmu: RSA
Nazwa klucza: fff649f1-e803-4cfc-bd93-12ae6a537e2b
Typ klucza: Klucz komputera.

Operacja kryptograficzna:
Operacja: Otwórz klucz.
Kod powrotny: 0x0
Record Number: 19957
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100502174821.212889-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
[/log]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Jarek at 2010-09-03 12:49:22
Microsoft Windows 7 Ultimate
System drive C: has 5 GB (12%) free of 40 GB
Total RAM: 4095 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:31, on 2010-09-03
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe
D:\Programy zainstalowane\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Programy zainstalowane\firefox\firefox.exe
C:\Users\Jarek\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Jarek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programy zainstalowane\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112709 serial=DR12CUS-2178927-HVQ lang=PL
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy zainstalowane\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: 1257776604 (.1257776604) - Unknown owner - C:\Program Files (x86)\1257776604\Jarek1257776604L.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)

--
End of file - 8531 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\Programy zainstalowane\itunes\iTunesHelper.exe [2009-10-28 141600]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe [2004-06-23 733184]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"AlcoholAutomount"=D:\Programy zainstalowane\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"MSSMSGS"=winghk32.rom,qAlRXdStD []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "D:\Programy zainstalowane\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-03 12:49:22 ----D---- C:\rsit
2010-09-03 12:49:22 ----D---- C:\Program Files (x86)\trend micro
2010-09-02 17:21:41 ----D---- C:\Program Files (x86)\Google
2010-08-28 21:36:43 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Roaming
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Quest3D
2010-08-25 19:30:38 ----D---- C:\ProgramData\Gadu-Gadu 10
2010-08-25 12:20:09 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-21 15:45:00 ----D---- C:\ProgramData\NOS
2010-08-21 13:53:33 ----HD---- C:\Windows\AxInstSV
2010-08-11 20:04:32 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-11 20:04:23 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 20:04:22 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 20:04:14 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-08 11:15:14 ----D---- C:\Program Files (x86)\Ant Renamer

======List of files/folders modified in the last 1 months======

2010-09-03 12:49:24 ----D---- C:\Windows\Temp
2010-09-03 12:49:22 ----RD---- C:\Program Files (x86)
2010-09-03 12:44:39 ----SHD---- C:\System Volume Information
2010-09-03 12:41:02 ----A---- C:\Windows\win.ini
2010-09-02 17:22:40 ----SHD---- C:\Windows\Installer
2010-09-02 17:21:43 ----D---- C:\Windows\Tasks
2010-08-31 19:46:11 ----D---- C:\Windows\System32
2010-08-31 19:46:11 ----D---- C:\Windows\inf
2010-08-28 21:36:45 ----D---- C:\Windows
2010-08-28 21:36:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-28 21:36:07 ----RSD---- C:\Windows\assembly
2010-08-28 21:32:19 ----D---- C:\Windows\Prefetch
2010-08-26 18:30:03 ----D---- C:\Windows\SysWOW64
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\user32.dll
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\slwga.dll
2010-08-25 19:30:38 ----HD---- C:\ProgramData
2010-08-25 16:18:37 ----D---- C:\Windows\winsxs
2010-08-25 14:27:21 ----D---- C:\Windows\AppPatch
2010-08-24 13:07:03 ----D---- C:\Users\Jarek\AppData\Roaming\Adobe
2010-08-24 13:06:58 ----D---- C:\ProgramData\Adobe
2010-08-23 12:15:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-22 14:12:32 ----D---- C:\Users\Jarek\AppData\Roaming\Tropico3
2010-08-21 15:50:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-08-21 15:49:55 ----D---- C:\Program Files (x86)\Adobe
2010-08-21 15:47:57 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-08-13 13:10:12 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:54:30 ----D---- C:\Windows\SysWOW64\migration
2010-08-12 12:54:30 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys [2006-11-25 104152]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2008-08-14 74720]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 USB_RNDIS;ADSL2+ Modem USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023.sys []
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 a9nwb9av;a9nwb9av; C:\Windows\SysWOW64\drivers\a9nwb9av.sys []
S3 asd4wann;asd4wann; C:\Windows\SysWOW64\drivers\asd4wann.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys []
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys []
S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys []
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 StarWindServiceAE;StarWind AE Service; D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WTService;WTService; C:\Windows\System32\atwtusb.exe -s []
R3 iPod Service;Usługa iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 .1257776604;1257776604; C:\Program Files (x86)\1257776604\Jarek1257776604L.exe [2009-09-14 423016]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-16 1030600]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
[/log]

[log]OTL logfile created on: 2010-09-03 13:02:37 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jarek\Desktop\do logowania błędów
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 4,59 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive D: | 196,24 Gb Total Space | 151,95 Gb Free Space | 77,43% Space Free | Partition Type: NTFS
Drive E: | 230,46 Gb Total Space | 37,43 Gb Free Space | 16,24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-KOMPUTER
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
PRC - [2010-07-25 11:10:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy zainstalowane\firefox\firefox.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010-07-16 10:07:57 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-04-24 08:40:46 | 000,660,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV - [2009-12-27 13:58:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-14 10:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257776604\Jarek1257776604L.exe -- (.1257776604)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-11-09 19:38:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023.sys -- (USB_RNDIS)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-04-16 21:18:26 | 000,007,808 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:[b]64bit:[/b] - [2009-03-08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:[b]64bit:[/b] - [2007-12-02 13:51:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,293,192 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,101,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:43:40 | 000,040,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2005-03-28 11:30:36 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006-11-25 12:45:02 | 000,104,152 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy zainstalowane\firefox\components [2010-08-08 09:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy zainstalowane\firefox\plugins [2010-08-21 18:45:03 | 000,000,000 | ---D | M]

[2010-05-19 20:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions
[2010-08-21 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\hgkuwe9f.default\extensions

O1 HOSTS File: ([2010-07-31 14:46:16 | 000,001,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\%VSINSTALL_DIR64%\scriptsn.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programy zainstalowane\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Pliki programów (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell - "" = AutoRun
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-09-03 12:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\do logowania błędów
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\rsit
[2010-09-02 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010-09-02 17:21:31 | 000,567,640 | ---- | C] (Google Inc.) -- C:\Users\Jarek\Desktop\GoogleEarthPluginSetup.exe
[2010-08-28 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ShipSimExtremes Userdata
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Roaming
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Quest3D
[2010-08-25 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\załączniki do dokumentacji 02.6.1.1.2010
[2010-08-25 19:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10
[2010-08-25 12:20:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010-08-23 21:16:52 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Google
[2010-08-22 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\GHISLER
[2010-08-21 15:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010-08-21 13:53:33 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010-08-15 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\altanka
[2010-08-14 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (7)
[2010-08-14 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\LIGHTBOX
[2010-08-14 13:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna_pliki
[2010-08-13 12:34:40 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (6)
[2010-08-13 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (5)
[2010-08-13 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder
[2010-08-11 20:04:23 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-08-11 20:04:23 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010-08-11 20:04:22 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010-08-11 20:04:19 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-08-11 20:04:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-08-11 20:04:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-08-11 20:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-08-11 20:04:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-08-11 20:04:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-08-11 20:04:16 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010-08-11 20:04:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010-08-11 20:04:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010-08-08 11:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ant Renamer

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-09-03 13:03:00 | 003,145,728 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT
[2010-09-03 12:41:02 | 000,000,592 | ---- | M] () -- C:\Windows\win.ini
[2010-09-03 12:40:57 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-03 12:40:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-09-03 12:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-09-03 12:40:42 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-02 21:37:30 | 005,676,294 | -H-- | M] () -- C:\Users\Jarek\AppData\Local\IconCache.db
[2010-09-02 19:26:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-02 17:21:32 | 000,567,640 | ---- | M] (Google Inc.) -- C:\Users\Jarek\Desktop\GoogleEarthPluginSetup.exe
[2010-09-02 17:09:42 | 000,013,655 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx
[2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-09-02 08:21:18 | 000,118,784 | ---- | M] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls
[2010-08-31 20:09:18 | 000,065,077 | ---- | M] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg
[2010-08-31 19:46:11 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-31 19:46:11 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-08-31 19:46:11 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-31 19:46:11 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-08-31 19:46:11 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-28 21:37:41 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
[2010-08-28 18:02:06 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk
[2010-08-28 18:02:06 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010-08-26 23:03:27 | 000,012,672 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx
[2010-08-26 18:30:03 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2010-08-26 18:30:03 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010-08-26 18:30:03 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010-08-26 18:30:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010-08-26 17:55:09 | 000,012,209 | ---- | M] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx
[2010-08-26 16:22:11 | 193,095,529 | ---- | M] () -- C:\Users\Jarek\Desktop\Jak.pdf
[2010-08-25 21:37:52 | 000,232,960 | ---- | M] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc
[2010-08-25 19:35:54 | 000,002,432 | ---- | M] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html
[2010-08-23 15:40:01 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk
[2010-08-21 12:35:45 | 000,000,394 | -H-- | M] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add
[2010-08-19 07:44:52 | 001,600,215 | ---- | M] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf
[2010-08-15 17:10:58 | 000,010,540 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx
[2010-08-15 12:38:14 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add
[2010-08-14 15:05:01 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add
[2010-08-14 13:57:04 | 000,164,749 | ---- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm
[2010-08-12 12:56:05 | 003,099,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-10 13:37:53 | 000,028,160 | ---- | M] () -- C:\Users\Jarek\Desktop\cv.doc
[2010-08-10 13:28:16 | 000,014,537 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx
[2010-08-10 12:02:44 | 000,480,329 | ---- | M] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf
[2010-08-10 11:30:51 | 000,712,820 | ---- | M] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf
[2010-08-10 10:54:24 | 000,117,806 | ---- | M] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx
[2010-08-08 12:44:26 | 000,010,006 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-09-02 17:21:43 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-02 17:21:42 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-02 17:09:59 | 000,118,784 | ---- | C] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls
[2010-08-31 20:09:18 | 000,065,077 | ---- | C] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg
[2010-08-28 21:35:27 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
[2010-08-28 18:02:06 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk
[2010-08-28 18:02:06 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010-08-26 15:56:49 | 193,095,529 | ---- | C] () -- C:\Users\Jarek\Desktop\Jak.pdf
[2010-08-26 09:21:39 | 000,012,672 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx
[2010-08-25 21:37:52 | 000,232,960 | ---- | C] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc
[2010-08-25 19:33:20 | 000,002,432 | ---- | C] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html
[2010-08-25 16:52:14 | 000,012,209 | ---- | C] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx
[2010-08-23 12:18:12 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk
[2010-08-22 17:32:53 | 000,013,655 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx
[2010-08-21 12:35:45 | 000,000,394 | -H-- | C] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add
[2010-08-19 07:44:52 | 001,600,215 | ---- | C] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf
[2010-08-15 17:06:49 | 000,010,540 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx
[2010-08-15 12:34:23 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add
[2010-08-14 15:05:01 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add
[2010-08-14 13:57:03 | 000,164,749 | ---- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm
[2010-08-10 13:37:52 | 000,028,160 | ---- | C] () -- C:\Users\Jarek\Desktop\cv.doc
[2010-08-10 13:26:55 | 000,014,537 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx
[2010-08-10 12:02:44 | 000,480,329 | ---- | C] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf
[2010-08-10 11:30:48 | 000,712,820 | ---- | C] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf
[2010-08-10 10:52:44 | 000,117,806 | ---- | C] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx
[2010-08-08 12:44:15 | 000,010,006 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx
[2010-01-08 11:39:29 | 000,008,114 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-07-18 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Autodesk
[2010-07-04 20:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Cream Software
[2009-11-21 18:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\DAEMON Tools Lite
[2010-04-11 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\GHISLER
[2010-04-22 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Opera
[2010-08-28 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Quest3D
[2010-08-28 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Roaming
[2010-08-01 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tific
[2010-08-22 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tropico3
[2009-11-09 20:13:25 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Ubisoft
[2010-08-01 09:17:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-11-02 11:26:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-11-02 11:22:11 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2009-11-09 16:09:31 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2008-06-16 03:28:36 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009-11-09 16:09:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-09-01 10:47:54 | 000,000,668 | ---- | M] () -- C:\ccJobMgr.dat
[2009-11-02 11:26:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-28 11:05:13 | 000,181,408 | RHS- | M] () -- C:\grldr
[2010-09-03 12:40:42 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-02 11:26:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-02 11:26:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-06-16 03:28:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-06-16 03:28:36 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2009-11-02 15:56:28 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log
[2009-11-26 19:47:43 | 000,018,637 | ---- | M] () -- C:\st330AdaptorMgr.log
[2009-11-26 19:48:33 | 000,203,794 | ---- | M] () -- C:\stInstall.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\system32\DRIVERS\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
[2008-06-16 03:28:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\Windows.old\Windows\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-06-16 03:28:36 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Windows.old\Windows\system32\drivers\cdrom.sys
[2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-06-16 03:28:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\Windows.old\Windows\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-06-16 03:28:36 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Windows.old\Windows\system32\drivers\ndis.sys
[2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2008-06-16 03:28:36 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=335813EACD16E84F3047A3326F6E5473 -- C:\Windows.old\Windows\system32\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< End of report >
[/log]

Tomek01
comment

Run HiJackThis, tick the entries listed below, and then click Fix checked:
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD
F2 - REG:system.ini: UserInit=userinit.exe


Regarding this entry: F2 - REG:system.ini: UserInit=userinit.exe
Since it showed up, something is wrong. It should not appear in the log.
Go to Start/Run/Regedit and find the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The Userinit value should be set to C:\Windows\system32\userinit.exe,. The comma at the end is required!

In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
SRV - [2009-09-14 10:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257776604\Jarek1257776604L.exe -- (.1257776604)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSMSGS"=-

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart.

Post the log from the OTL removal, plus new OTL and RSIT logs.
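The two checks from the reply above, written out as an added Python example (it is not part of the original post and is not HijackThis or OTL code). The function names and the rundll32 extension allow-list are assumptions made for illustration; the sample log lines are copied from the logs in this thread.

```python
import ntpath
import re

# Value the reply gives for Winlogon\Userinit, trailing comma included.
EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe,"

# Assumption: extensions treated as normal rundll32 targets (heuristic allow-list).
RUNDLL_OK_EXT = {".dll", ".cpl", ".ocx"}

# HijackThis line shapes handled here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<target>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.I)

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD"""


def check_userinit(value):
    """Compare a Userinit registry value (as read in regedit) with the expected one."""
    problems = []
    if not value.rstrip().endswith(","):
        problems.append("missing trailing comma")
    programs = [p.strip() for p in value.split(",") if p.strip()]
    if len(programs) != 1:
        problems.append(f"{len(programs)} programs listed, expected 1")
    expected = EXPECTED_USERINIT.rstrip(",").lower()
    for prog in programs:
        if prog.lower() != expected:
            problems.append(f"unexpected program: {prog}")
    return problems


def rundll32_findings(cmd):
    """Heuristics for an autorun command that starts rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return []
    target = m.group("target").strip()
    reasons = []
    ext = ntpath.splitext(target)[1].lower()
    if ext not in RUNDLL_OK_EXT:
        reasons.append(f"rundll32 loads a file with extension {ext or '(none)'}")
    if not ntpath.dirname(target):
        reasons.append("rundll32 target has no directory (resolved via search path)")
    return reasons


def scan_hjt_log(lines):
    """Return (line, reasons) for every line the two checks flag."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if F2_RE.match(line):
            # Per the reply: this entry should not show up in the log at all.
            findings.append((line, ["F2 UserInit entry present; verify Winlogon\\Userinit"]))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = rundll32_findings(m.group("cmd"))
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in scan_hjt_log(SAMPLE_LOG.splitlines()):
        print(line)
        for reason in reasons:
            print("   ->", reason)
    # Constructed registry values for the Userinit comparison.
    for value in (EXPECTED_USERINIT, "userinit.exe"):
        print(repr(value), check_userinit(value) or "ok")
```
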

Hanulec
comment

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Service .1257776604 stopped successfully!
Service .1257776604 deleted successfully!
C:\Program Files (x86)\1257776604\Jarek1257776604L.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSSMSGS not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jarek
->Temp folder emptied: 833064502 bytes
->Temporary Internet Files folder emptied: 56982901 bytes
->FireFox cache emptied: 98243423 bytes
->Opera cache emptied: 3144707 bytes
->Flash cache emptied: 2067663 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11319893 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 811346819 bytes

Total Files Cleaned = 1 732,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09042010_143736

Files\Folders moved on Reboot...
C:\Users\Jarek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
[/log]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Jarek at 2010-09-04 14:46:21
Microsoft Windows 7 Ultimate
System drive C: has 2 GB (5%) free of 40 GB
Total RAM: 4095 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:37, on 2010-09-04
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe
D:\Programy zainstalowane\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Jarek\Desktop\do logowania błędów\RSIT.exe
C:\Program Files (x86)\trend micro\Jarek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programy zainstalowane\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112709 serial=DR12CUS-2178927-HVQ lang=PL
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy zainstalowane\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)

--
End of file - 8247 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\Programy zainstalowane\itunes\iTunesHelper.exe [2009-10-28 141600]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe [2004-06-23 733184]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"AlcoholAutomount"=D:\Programy zainstalowane\Alcohol 120\axcmd.exe [2009-04-24 203928]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "D:\Programy zainstalowane\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-04 14:39:07 ----ASH---- C:\pagefile.sys
2010-09-04 14:37:36 ----D---- C:\_OTL
2010-09-03 12:49:22 ----D---- C:\rsit
2010-09-03 12:49:22 ----D---- C:\Program Files (x86)\trend micro
2010-09-02 17:21:41 ----D---- C:\Program Files (x86)\Google
2010-08-28 21:36:43 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Roaming
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Quest3D
2010-08-25 19:30:38 ----D---- C:\ProgramData\Gadu-Gadu 10
2010-08-25 12:20:09 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-21 15:45:00 ----D---- C:\ProgramData\NOS
2010-08-21 13:53:33 ----HD---- C:\Windows\AxInstSV
2010-08-11 20:04:32 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-11 20:04:23 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 20:04:22 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 20:04:14 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-08 11:15:14 ----D---- C:\Program Files (x86)\Ant Renamer

======List of files/folders modified in the last 1 months======

2010-09-04 14:46:37 ----D---- C:\Windows\Temp
2010-09-04 14:39:47 ----SHD---- C:\System Volume Information
2010-09-04 14:39:31 ----A---- C:\Windows\win.ini
2010-09-04 14:37:37 ----D---- C:\Program Files (x86)\1257776604
2010-09-04 14:27:28 ----SHD---- C:\Windows\Installer
2010-09-04 14:27:27 ----SD---- C:\Users\Jarek\AppData\Roaming\Microsoft
2010-09-03 12:49:22 ----RD---- C:\Program Files (x86)
2010-09-02 17:21:43 ----D---- C:\Windows\Tasks
2010-08-31 19:46:11 ----D---- C:\Windows\System32
2010-08-31 19:46:11 ----D---- C:\Windows\inf
2010-08-28 21:36:45 ----D---- C:\Windows
2010-08-28 21:36:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-28 21:36:07 ----RSD---- C:\Windows\assembly
2010-08-28 21:32:19 ----D---- C:\Windows\Prefetch
2010-08-26 18:30:03 ----D---- C:\Windows\SysWOW64
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\user32.dll
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\slwga.dll
2010-08-25 19:30:38 ----HD---- C:\ProgramData
2010-08-25 16:18:37 ----D---- C:\Windows\winsxs
2010-08-25 14:27:21 ----D---- C:\Windows\AppPatch
2010-08-24 13:07:03 ----D---- C:\Users\Jarek\AppData\Roaming\Adobe
2010-08-24 13:06:58 ----D---- C:\ProgramData\Adobe
2010-08-23 12:15:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-22 14:12:32 ----D---- C:\Users\Jarek\AppData\Roaming\Tropico3
2010-08-21 15:50:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-08-21 15:49:55 ----D---- C:\Program Files (x86)\Adobe
2010-08-21 15:47:57 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-08-13 13:10:12 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:54:30 ----D---- C:\Windows\SysWOW64\migration
2010-08-12 12:54:30 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys [2006-11-25 104152]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2008-08-14 74720]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 USB_RNDIS;ADSL2+ Modem USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023.sys []
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 a0789mtu;a0789mtu; C:\Windows\SysWOW64\drivers\a0789mtu.sys []
S3 asypcf8h;asypcf8h; C:\Windows\SysWOW64\drivers\asypcf8h.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys []
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys []
S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys []
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 StarWindServiceAE;StarWind AE Service; D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WTService;WTService; C:\Windows\System32\atwtusb.exe -s []
R3 iPod Service;Usługa iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-16 1030600]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
[/log]

[log]OTL logfile created on: 2010-09-04 14:41:56 - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jarek\Desktop\do logowania błędów
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 2,12 Gb Free Space | 5,43% Space Free | Partition Type: NTFS
Drive D: | 196,24 Gb Total Space | 155,92 Gb Free Space | 79,45% Space Free | Partition Type: NTFS
Drive E: | 230,46 Gb Total Space | 37,43 Gb Free Space | 16,24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-KOMPUTER
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010-07-16 10:07:57 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-04-24 08:40:46 | 000,660,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV - [2009-12-27 13:58:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-11-09 19:38:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023.sys -- (USB_RNDIS)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-04-16 21:18:26 | 000,007,808 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:[b]64bit:[/b] - [2009-03-08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:[b]64bit:[/b] - [2007-12-02 13:51:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,293,192 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,101,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:43:40 | 000,040,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2005-03-28 11:30:36 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006-11-25 12:45:02 | 000,104,152 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy zainstalowane\firefox\components [2010-08-08 09:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy zainstalowane\firefox\plugins [2010-08-21 18:45:03 | 000,000,000 | ---D | M]

[2010-05-19 20:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions
[2010-08-21 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\hgkuwe9f.default\extensions

O1 HOSTS File: ([2010-07-31 14:46:16 | 000,001,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\%VSINSTALL_DIR64%\scriptsn.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programy zainstalowane\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Pliki programów (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell - "" = AutoRun
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-09-04 14:37:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-09-03 12:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\do logowania błędów
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\rsit
[2010-09-02 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010-08-28 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ShipSimExtremes Userdata
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Roaming
[2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Quest3D
[2010-08-25 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\załączniki do dokumentacji 02.6.1.1.2010
[2010-08-25 19:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10
[2010-08-25 12:20:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010-08-23 21:16:52 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Google
[2010-08-22 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\GHISLER
[2010-08-21 15:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010-08-21 13:53:33 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010-08-15 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\altanka
[2010-08-14 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (7)
[2010-08-14 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\LIGHTBOX
[2010-08-14 13:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna_pliki
[2010-08-13 12:34:40 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (6)
[2010-08-13 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (5)
[2010-08-13 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder
[2010-08-11 20:04:23 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-08-11 20:04:23 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010-08-11 20:04:22 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010-08-11 20:04:19 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-08-11 20:04:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-08-11 20:04:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-08-11 20:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-08-11 20:04:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-08-11 20:04:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-08-11 20:04:16 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010-08-11 20:04:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010-08-11 20:04:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010-08-08 11:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ant Renamer

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-09-04 14:39:31 | 000,000,592 | ---- | M] () -- C:\Windows\win.ini
[2010-09-04 14:39:28 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-04 14:39:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-09-04 14:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-09-04 14:39:04 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-04 14:38:27 | 003,145,728 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT
[2010-09-04 14:38:24 | 005,679,071 | -H-- | M] () -- C:\Users\Jarek\AppData\Local\IconCache.db
[2010-09-04 14:27:27 | 000,002,975 | ---- | M] () -- C:\Users\Jarek\Desktop\HiJackThis.lnk
[2010-09-04 14:26:10 | 001,402,880 | ---- | M] () -- C:\Users\Jarek\Desktop\HiJackThis.msi
[2010-09-04 14:26:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-03 19:57:21 | 000,010,668 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (7).docx
[2010-09-03 18:23:22 | 000,013,843 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx
[2010-09-03 17:23:33 | 000,013,907 | ---- | M] () -- C:\Users\Jarek\Desktop\torba r1 poż pol.docx
[2010-09-03 17:20:18 | 000,000,000 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (2).docx
[2010-09-03 17:12:57 | 000,161,796 | ---- | M] () -- C:\Users\Jarek\Desktop\zestaw-psp_r1.pdf
[2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-09-02 08:21:18 | 000,118,784 | ---- | M] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls
[2010-08-31 20:09:18 | 000,065,077 | ---- | M] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg
[2010-08-31 19:46:11 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-31 19:46:11 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-08-31 19:46:11 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-31 19:46:11 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-08-31 19:46:11 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-28 21:37:41 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
[2010-08-28 18:02:06 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk
[2010-08-28 18:02:06 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010-08-26 23:03:27 | 000,012,672 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx
[2010-08-26 18:30:03 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2010-08-26 18:30:03 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010-08-26 18:30:03 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010-08-26 18:30:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010-08-26 17:55:09 | 000,012,209 | ---- | M] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx
[2010-08-26 16:22:11 | 193,095,529 | ---- | M] () -- C:\Users\Jarek\Desktop\Jak.pdf
[2010-08-25 21:37:52 | 000,232,960 | ---- | M] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc
[2010-08-25 19:35:54 | 000,002,432 | ---- | M] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html
[2010-08-23 15:40:01 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk
[2010-08-21 12:35:45 | 000,000,394 | -H-- | M] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add
[2010-08-19 07:44:52 | 001,600,215 | ---- | M] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf
[2010-08-15 17:10:58 | 000,010,540 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx
[2010-08-15 12:38:14 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add
[2010-08-14 15:05:01 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add
[2010-08-14 13:57:04 | 000,164,749 | ---- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm
[2010-08-12 12:56:05 | 003,099,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-10 13:37:53 | 000,028,160 | ---- | M] () -- C:\Users\Jarek\Desktop\cv.doc
[2010-08-10 13:28:16 | 000,014,537 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx
[2010-08-10 12:02:44 | 000,480,329 | ---- | M] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf
[2010-08-10 11:30:51 | 000,712,820 | ---- | M] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf
[2010-08-10 10:54:24 | 000,117,806 | ---- | M] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx
[2010-08-08 12:44:26 | 000,010,006 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-09-04 14:27:27 | 000,002,975 | ---- | C] () -- C:\Users\Jarek\Desktop\HiJackThis.lnk
[2010-09-04 14:26:05 | 001,402,880 | ---- | C] () -- C:\Users\Jarek\Desktop\HiJackThis.msi
[2010-09-03 19:48:43 | 000,010,668 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (7).docx
[2010-09-03 17:23:32 | 000,013,907 | ---- | C] () -- C:\Users\Jarek\Desktop\torba r1 poż pol.docx
[2010-09-03 17:20:18 | 000,000,000 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (2).docx
[2010-09-03 17:12:53 | 000,161,796 | ---- | C] () -- C:\Users\Jarek\Desktop\zestaw-psp_r1.pdf
[2010-09-02 17:21:43 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-09-02 17:21:42 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-09-02 17:09:59 | 000,118,784 | ---- | C] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls
[2010-08-31 20:09:18 | 000,065,077 | ---- | C] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg
[2010-08-28 21:35:27 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
[2010-08-28 18:02:06 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk
[2010-08-28 18:02:06 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010-08-26 15:56:49 | 193,095,529 | ---- | C] () -- C:\Users\Jarek\Desktop\Jak.pdf
[2010-08-26 09:21:39 | 000,012,672 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx
[2010-08-25 21:37:52 | 000,232,960 | ---- | C] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc
[2010-08-25 19:33:20 | 000,002,432 | ---- | C] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html
[2010-08-25 16:52:14 | 000,012,209 | ---- | C] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx
[2010-08-23 12:18:12 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk
[2010-08-22 17:32:53 | 000,013,843 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx
[2010-08-21 12:35:45 | 000,000,394 | -H-- | C] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add
[2010-08-19 07:44:52 | 001,600,215 | ---- | C] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf
[2010-08-15 17:06:49 | 000,010,540 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx
[2010-08-15 12:34:23 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add
[2010-08-14 15:05:01 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add
[2010-08-14 13:57:03 | 000,164,749 | ---- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm
[2010-08-10 13:37:52 | 000,028,160 | ---- | C] () -- C:\Users\Jarek\Desktop\cv.doc
[2010-08-10 13:26:55 | 000,014,537 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx
[2010-08-10 12:02:44 | 000,480,329 | ---- | C] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf
[2010-08-10 11:30:48 | 000,712,820 | ---- | C] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf
[2010-08-10 10:52:44 | 000,117,806 | ---- | C] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx
[2010-08-08 12:44:15 | 000,010,006 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx
[2010-01-08 11:39:29 | 000,008,114 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-07-18 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Autodesk
[2010-07-04 20:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Cream Software
[2009-11-21 18:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\DAEMON Tools Lite
[2010-04-11 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\GHISLER
[2010-04-22 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Opera
[2010-08-28 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Quest3D
[2010-08-28 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Roaming
[2010-08-01 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tific
[2010-08-22 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tropico3
[2009-11-09 20:13:25 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Ubisoft
[2010-08-01 09:17:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
[/log]

After the restart the error no longer appears; I hope everything in the logs is OK now.

Tomek01
comment

Everything is OK apart from this: F2 - REG:system.ini: UserInit=userinit.exe

Did you carry out the instructions regarding this entry? Did you check the registry?

Try removing it in HiJackThis in safe mode.
