Hanulec, posted 2 September 2010
Recently, after Windows 7 starts up, I get this error: "wystąpił błąd podczas uruchamiania pliku winghk32.rom". Does anyone know what this is about and what can be done about it?
Tomek01, comment 2 September 2010
Probably a virus. Post your OTL and RSIT logs, placing them inside tags: http://www.forumpc.pl/index.php?showtopic=168048
Hanulec (Author), comment 3 September 2010
[log]info.txt logfile of random's system information tool 1.08 2010-09-03 12:49:32[/log]
[log]Logfile of random's system information tool 1.08 (written by random/random) Run by Jarek at 2010-09-03 12:49:22 Microsoft Windows 7 Ultimate System drive C: has 5 GB (12%) free of 40 GB Total RAM: 4095 MB (71% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:49:31, on 2010-09-03 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe D:\Programy zainstalowane\itunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe D:\Programy zainstalowane\firefox\firefox.exe C:\Users\Jarek\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Jarek.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programy zainstalowane\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112709 serial=DR12CUS-2178927-HVQ lang=PL O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files 
(x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy zainstalowane\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O23 - Service: 1257776604 (.1257776604) - Unknown owner - C:\Program Files (x86)\1257776604\Jarek1257776604L.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - 
Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. 
- C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 
(WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing) -- End of file - 8531 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=D:\Programy zainstalowane\itunes\iTunesHelper.exe [2009-10-28 141600] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920] "CorelDRAW Graphics Suite 11b"=D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe [2004-06-23 733184] 
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] "AlcoholAutomount"=D:\Programy zainstalowane\Alcohol 120\axcmd.exe [2009-04-24 203928] "ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184] "MSSMSGS"=winghk32.rom,qAlRXdStD [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "D:\Programy zainstalowane\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-03 12:49:22 ----D---- C:\rsit
2010-09-03 12:49:22 ----D---- C:\Program Files (x86)\trend micro
2010-09-02 17:21:41 ----D---- C:\Program Files (x86)\Google
2010-08-28 21:36:43 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Roaming
2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Quest3D
2010-08-25 19:30:38 ----D---- C:\ProgramData\Gadu-Gadu 10
2010-08-25 12:20:09 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-21 15:45:00 ----D---- C:\ProgramData\NOS
2010-08-21 13:53:33 ----HD---- C:\Windows\AxInstSV
2010-08-11 20:04:32 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-11 20:04:23 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 20:04:22 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 20:04:14 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-08 11:15:14 ----D---- C:\Program Files (x86)\Ant Renamer

======List of files/folders modified in the last 1 months======

2010-09-03 12:49:24 ----D---- C:\Windows\Temp
2010-09-03 12:49:22 ----RD---- C:\Program Files (x86)
2010-09-03 12:44:39 ----SHD---- C:\System Volume Information
2010-09-03 12:41:02 ----A---- C:\Windows\win.ini
2010-09-02 17:22:40 ----SHD---- C:\Windows\Installer
2010-09-02 17:21:43 ----D---- C:\Windows\Tasks
2010-08-31 19:46:11 ----D---- C:\Windows\System32
2010-08-31 19:46:11 ----D---- C:\Windows\inf
2010-08-28 21:36:45 ----D---- C:\Windows
2010-08-28 21:36:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-28 21:36:07 ----RSD---- C:\Windows\assembly
2010-08-28 21:32:19 ----D---- C:\Windows\Prefetch
2010-08-26 18:30:03 ----D---- C:\Windows\SysWOW64
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\user32.dll
2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\slwga.dll
2010-08-25 19:30:38 ----HD---- C:\ProgramData
2010-08-25 16:18:37 ----D---- C:\Windows\winsxs
2010-08-25 14:27:21 ----D---- C:\Windows\AppPatch
2010-08-24 13:07:03 ----D---- C:\Users\Jarek\AppData\Roaming\Adobe
2010-08-24 13:06:58 ----D---- C:\ProgramData\Adobe
2010-08-23 12:15:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-22 14:12:32 ----D---- C:\Users\Jarek\AppData\Roaming\Tropico3
2010-08-21 15:50:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-08-21 15:49:55 ----D---- C:\Program Files (x86)\Adobe
2010-08-21 15:47:57 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-08-13 13:10:12 ----D---- C:\Windows\Microsoft.NET
2010-08-12 12:54:30 ----D---- C:\Windows\SysWOW64\migration
2010-08-12 12:54:30 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys [2006-11-25 104152]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2008-08-14 74720]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 USB_RNDIS;ADSL2+ Modem USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023.sys []
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys []
S3 a9nwb9av;a9nwb9av; C:\Windows\SysWOW64\drivers\a9nwb9av.sys []
S3 asd4wann;asd4wann; C:\Windows\SysWOW64\drivers\asd4wann.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys []
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys []
S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys []
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 StarWindServiceAE;StarWind AE Service; D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WTService;WTService; C:\Windows\System32\atwtusb.exe -s []
R3 iPod Service;Usługa iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 .1257776604;1257776604; C:\Program Files (x86)\1257776604\Jarek1257776604L.exe [2009-09-14 423016]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-16 1030600]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
[/log]
[log]OTL logfile created on: 2010-09-03 13:02:37 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jarek\Desktop\do logowania błędów
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 4,59 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive D: | 196,24 Gb Total Space | 151,95 Gb Free Space | 77,43% Space Free | Partition Type: NTFS
Drive E: | 230,46 Gb Total Space | 37,43 Gb Free Space | 16,24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-KOMPUTER
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
PRC - [2010-07-25 11:10:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy zainstalowane\firefox\firefox.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe
PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010-07-16 10:07:57 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-04-24 08:40:46 | 000,660,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV - [2009-12-27 13:58:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-14 10:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257776604\Jarek1257776604L.exe -- (.1257776604)
SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2009-11-09 19:38:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023.sys -- (USB_RNDIS)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-04-16 21:18:26 | 000,007,808 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:[b]64bit:[/b] - [2009-03-08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:[b]64bit:[/b] - [2007-12-02 13:51:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,293,192 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,101,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:[b]64bit:[/b] - [2007-11-22 07:43:40 | 000,040,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:[b]64bit:[/b] - [2005-03-28 11:30:36 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006-11-25 12:45:02 | 000,104,152 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy zainstalowane\firefox\components [2010-08-08 09:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy zainstalowane\firefox\plugins [2010-08-21 18:45:03 | 000,000,000 | ---D | M]
[2010-05-19 20:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions
[2010-08-21 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\hgkuwe9f.default\extensions

O1 HOSTS File: ([2010-07-31 14:46:16 | 000,001,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\%VSINSTALL_DIR64%\scriptsn.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Programy zainstalowane\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Pliki programów (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell - "" = AutoRun
O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-09-03 12:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\do logowania błędów
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\rsit
[2010-09-02 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010-09-02 17:21:31 | 000,567,640 | ---- | C] (Google Inc.)
-- C:\Users\Jarek\Desktop\GoogleEarthPluginSetup.exe [2010-08-28 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ShipSimExtremes Userdata [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Roaming [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Quest3D [2010-08-25 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\załączniki do dokumentacji 02.6.1.1.2010 [2010-08-25 19:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2010-08-25 12:20:09 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010-08-23 21:16:52 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Google [2010-08-22 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\GHISLER [2010-08-21 15:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010-08-21 13:53:33 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2010-08-15 14:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\altanka [2010-08-14 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (7) [2010-08-14 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\LIGHTBOX [2010-08-14 13:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna_pliki [2010-08-13 12:34:40 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (6) [2010-08-13 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder (5) [2010-08-13 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Nowy folder [2010-08-11 20:04:23 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010-08-11 20:04:23 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010-08-11 20:04:22 | 003,899,784 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ntoskrnl.exe [2010-08-11 20:04:19 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010-08-11 20:04:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010-08-11 20:04:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010-08-11 20:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010-08-11 20:04:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010-08-11 20:04:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010-08-11 20:04:16 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010-08-11 20:04:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010-08-11 20:04:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010-08-08 11:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ant Renamer [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-09-03 13:03:00 | 003,145,728 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT [2010-09-03 12:41:02 | 000,000,592 | ---- | M] () -- C:\Windows\win.ini [2010-09-03 12:40:57 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-09-03 12:40:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-09-03 12:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-09-03 12:40:42 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys [2010-09-02 21:37:30 | 005,676,294 | -H-- | M] () -- C:\Users\Jarek\AppData\Local\IconCache.db [2010-09-02 19:26:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-09-02 17:21:32 | 000,567,640 | ---- | M] (Google Inc.) 
-- C:\Users\Jarek\Desktop\GoogleEarthPluginSetup.exe [2010-09-02 17:09:42 | 000,013,655 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx [2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-09-02 13:26:40 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-09-02 08:21:18 | 000,118,784 | ---- | M] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls [2010-08-31 20:09:18 | 000,065,077 | ---- | M] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg [2010-08-31 19:46:11 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-08-31 19:46:11 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-08-31 19:46:11 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-08-31 19:46:11 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-08-31 19:46:11 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-08-28 21:37:41 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk [2010-08-28 18:02:06 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk [2010-08-28 18:02:06 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk [2010-08-26 23:03:27 | 000,012,672 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx [2010-08-26 18:30:03 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll [2010-08-26 18:30:03 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll [2010-08-26 18:30:03 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll 
[2010-08-26 18:30:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2010-08-26 17:55:09 | 000,012,209 | ---- | M] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx [2010-08-26 16:22:11 | 193,095,529 | ---- | M] () -- C:\Users\Jarek\Desktop\Jak.pdf [2010-08-25 21:37:52 | 000,232,960 | ---- | M] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc [2010-08-25 19:35:54 | 000,002,432 | ---- | M] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html [2010-08-23 15:40:01 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk [2010-08-21 12:35:45 | 000,000,394 | -H-- | M] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add [2010-08-19 07:44:52 | 001,600,215 | ---- | M] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf [2010-08-15 17:10:58 | 000,010,540 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx [2010-08-15 12:38:14 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add [2010-08-14 15:05:01 | 000,000,393 | -H-- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add [2010-08-14 13:57:04 | 000,164,749 | ---- | M] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm [2010-08-12 12:56:05 | 003,099,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-08-10 13:37:53 | 000,028,160 | ---- | M] () -- C:\Users\Jarek\Desktop\cv.doc [2010-08-10 13:28:16 | 000,014,537 | ---- | M] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx [2010-08-10 12:02:44 | 000,480,329 | ---- | M] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf [2010-08-10 11:30:51 | 000,712,820 | ---- | M] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf [2010-08-10 10:54:24 | 000,117,806 | ---- | M] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx [2010-08-08 12:44:26 | 000,010,006 | ---- | M] () -- 
C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-09-02 17:21:43 | 000,001,046 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010-09-02 17:21:42 | 000,001,042 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010-09-02 17:09:59 | 000,118,784 | ---- | C] () -- C:\Users\Jarek\Desktop\Kopia CENNIK-sprzęt ratownictwa medycznego- ceny katalogowe 20 10 r.(bez zdjęć).xls [2010-08-31 20:09:18 | 000,065,077 | ---- | C] () -- C:\Users\Jarek\Desktop\126795-Nad-jeziorem-Zarnowieckim-w-ciagu-najblizszych-5-lat-moze-ruszyc-budowa.jpg [2010-08-28 21:35:27 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator Extremes.lnk [2010-08-28 18:02:06 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry Delta Sector.lnk [2010-08-28 18:02:06 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk [2010-08-26 15:56:49 | 193,095,529 | ---- | C] () -- C:\Users\Jarek\Desktop\Jak.pdf [2010-08-26 09:21:39 | 000,012,672 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Arkusz programu Microsoft Office Excel (2).xlsx [2010-08-25 21:37:52 | 000,232,960 | ---- | C] () -- C:\Users\Jarek\Desktop\wzor_wniosku.doc [2010-08-25 19:33:20 | 000,002,432 | ---- | C] () -- C:\Users\Jarek\AppData\Local\Tempxm3688.html [2010-08-25 16:52:14 | 000,012,209 | ---- | C] () -- C:\Users\Jarek\Desktop\Lista firm strażackich.docx [2010-08-23 12:18:12 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Jouer ŕ Emergency 4.lnk [2010-08-22 17:32:53 | 000,013,655 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (6).docx [2010-08-21 12:35:45 | 000,000,394 | -H-- | C] () -- C:\Users\Jarek\Desktop\dogalfot13.html.add [2010-08-19 07:44:52 | 001,600,215 | ---- | C] () -- C:\Users\Jarek\Desktop\formularz_3a_lista_wnioskow_z_o_onych_7.2_1.pdf [2010-08-15 17:06:49 | 000,010,540 | ---- | C] () -- 
C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (5).docx [2010-08-15 12:34:23 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\gallery-floating-caption.html.add [2010-08-14 15:05:01 | 000,000,393 | -H-- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm.add [2010-08-14 13:57:03 | 000,164,749 | ---- | C] () -- C:\Users\Jarek\Desktop\www.112.pl - Pożary, wypadki, zdarzenia - Strona główna.htm [2010-08-10 13:37:52 | 000,028,160 | ---- | C] () -- C:\Users\Jarek\Desktop\cv.doc [2010-08-10 13:26:55 | 000,014,537 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word (4).docx [2010-08-10 12:02:44 | 000,480,329 | ---- | C] () -- C:\Users\Jarek\Desktop\wniosek_dotacja5.pdf [2010-08-10 11:30:48 | 000,712,820 | ---- | C] () -- C:\Users\Jarek\Desktop\przewodnik_beneficjenta_rpo_wp_2007_2013_10.06.pdf [2010-08-10 10:52:44 | 000,117,806 | ---- | C] () -- C:\Users\Jarek\Desktop\cennik poż-pol.docx [2010-08-08 12:44:15 | 000,010,006 | ---- | C] () -- C:\Users\Jarek\Desktop\Nowy Dokument programu Microsoft Office Word.docx [2010-01-08 11:39:29 | 000,008,114 | ---- | C] () -- C:\Windows\aiptbl.ini [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-18 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Autodesk [2010-07-04 20:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Cream Software [2009-11-21 18:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\DAEMON Tools Lite [2010-04-11 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\GHISLER [2010-04-22 19:40:08 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Opera [2010-08-28 20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Quest3D [2010-08-28 
20:08:00 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Roaming [2010-08-01 09:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tific [2010-08-22 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Tropico3 [2009-11-09 20:13:25 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Ubisoft [2010-08-01 09:17:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-11-02 11:22:11 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK [2009-11-09 16:09:31 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2008-06-16 03:28:36 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009-11-09 16:09:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-09-01 10:47:54 | 000,000,668 | ---- | M] () -- C:\ccJobMgr.dat [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-05-28 11:05:13 | 000,181,408 | RHS- | M] () -- C:\grldr [2010-09-03 12:40:42 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys [2009-11-02 11:26:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-02 11:26:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-06-16 03:28:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-06-16 03:28:36 | 000,251,152 | RHS- | M] () -- C:\ntldr [2009-11-02 15:56:28 | 000,000,573 | ---- | M] () -- C:\RHDSetup.log [2009-11-26 19:47:43 | 000,018,637 | ---- | M] () -- C:\st330AdaptorMgr.log [2009-11-26 19:48:33 | 000,203,794 | ---- | M] () -- C:\stInstall.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys 
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [2008-06-16 03:28:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\Windows.old\Windows\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-06-16 03:28:36 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- 
C:\Windows.old\Windows\system32\drivers\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-06-16 03:28:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\Windows.old\Windows\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-06-16 03:28:36 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Windows.old\Windows\system32\drivers\ndis.sys [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2008-06-16 03:28:36 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=335813EACD16E84F3047A3326F6E5473 -- C:\Windows.old\Windows\system32\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of 
report > [/log]
Tomek01 comment 3 September 2010

Run HijackThis, tick the checkboxes next to the entries listed below and then click Fix checked:

O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD
F2 - REG:system.ini: UserInit=userinit.exe

Regarding this entry:

F2 - REG:system.ini: UserInit=userinit.exe

Since it has appeared, it means something is wrong. It should not appear in the log. Go to Start/Run/Regedit and find the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The Userinit value should be set to C:\Windows\system32\userinit.exe,. The comma at the end is essential!

In OTL, paste the following into the Custom scan/fixes window:

[code]
:Processes
Explorer.exe
:OTL
SRV - [2009-09-14 10:49:52 | 000,423,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1257776604\Jarek1257776604L.exe -- (.1257776604)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSMSGS"=-
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart. Post the OTL removal log and new OTL and RSIT logs.
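The two entries singled out in the reply above can be checked mechanically when triaging a HijackThis log. The Python sketch below is an added example, not part of the original thread and not code from HijackThis or OTL: it flags Run entries where rundll32 loads a module given without a full path or with an extension other than .dll/.cpl, and F2 entries whose Userinit differs from the value the reply gives as correct. The function names, the extension allow-list and the sample line marked as constructed are assumptions of this example.

```python
import ntpath
import re

# Value the reply above gives as correct for Winlogon\Userinit (trailing comma included).
EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe,"

# Extensions rundll32 is normally pointed at (assumption of this example).
USUAL_MODULE_EXTS = {".dll", ".cpl"}

# "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "F2 - REG:system.ini: UserInit=value"
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)


def split_command(cmd):
    """Return (executable, rest) for a Run-key command, honouring a quoted executable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def rundll32_module(cmd):
    """If cmd launches rundll32, return the module it is told to load, else None."""
    exe, rest = split_command(cmd)
    if ntpath.basename(exe).lower() not in ("rundll32", "rundll32.exe"):
        return None
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else rest[1:]
    # Unquoted form: the module ends at the comma that introduces the export name.
    return re.split(r"[,\s]", rest, maxsplit=1)[0]


def review_line(line):
    """Return a list of findings for one HijackThis log line (empty if nothing stands out)."""
    findings = []
    line = line.strip()

    m = F2_RE.match(line)
    if m:
        value = m.group("value").strip()
        if value.lower() != EXPECTED_USERINIT.lower():
            findings.append("Userinit is %r, expected %r" % (value, EXPECTED_USERINIT))
        return findings

    m = O4_RE.match(line)
    if m:
        module = rundll32_module(m.group("cmd"))
        if module is not None:
            ext = ntpath.splitext(module)[1].lower()
            if ext not in USUAL_MODULE_EXTS:
                findings.append("rundll32 loads %r (extension %r)" % (module, ext))
            if not ntpath.isabs(module):
                findings.append("rundll32 module %r has no full path" % module)
    return findings


def review_log(lines):
    """Return [(line, findings)] for every line that produced at least one finding."""
    return [(ln, f) for ln in lines for f in [review_line(ln)] if f]


# Sample input: the first two lines are the entries quoted in the reply, the next two
# come from the HijackThis log posted later in the thread, the last one is constructed.
SAMPLE_LOG = [
    r"O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winghk32.rom,qAlRXdStD",
    r"F2 - REG:system.ini: UserInit=userinit.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun',
    r"O4 - HKCU\..\Run: [ExampleShell] rundll32.exe C:\Windows\system32\example.dll,Start",  # constructed
]

if __name__ == "__main__":
    for entry, reasons in review_log(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    - " + reason)
```
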
Hanulec comment 4 September 2010 Author

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Service .1257776604 stopped successfully!
Service .1257776604 deleted successfully!
C:\Program Files (x86)\1257776604\Jarek1257776604L.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSSMSGS not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jarek
->Temp folder emptied: 833064502 bytes
->Temporary Internet Files folder emptied: 56982901 bytes
->FireFox cache emptied: 98243423 bytes
->Opera cache emptied: 3144707 bytes
->Flash cache emptied: 2067663 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11319893 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 811346819 bytes
Total Files Cleaned = 1 732,00 mb
OTL by OldTimer - Version 3.2.11.0 log created on 09042010_143736
Files\Folders moved on Reboot...
C:\Users\Jarek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
[/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Jarek at 2010-09-04 14:46:21 Microsoft Windows 7 Ultimate System drive C: has 2 GB (5%) free of 40 GB Total RAM: 4095 MB (73% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:46:37, on 2010-09-04 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe D:\Programy zainstalowane\itunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Jarek\Desktop\do logowania błędów\RSIT.exe C:\Program Files (x86)\trend micro\Jarek.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programy zainstalowane\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112709 serial=DR12CUS-2178927-HVQ lang=PL O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programy zainstalowane\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu 
item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. 
- C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 
(WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing) -- End of file - 8247 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=D:\Programy zainstalowane\itunes\iTunesHelper.exe [2009-10-28 141600] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920] "CorelDRAW Graphics Suite 11b"=D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe [2004-06-23 733184] "AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] 
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] "AlcoholAutomount"=D:\Programy zainstalowane\Alcohol 120\axcmd.exe [2009-04-24 203928] "ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "D:\Programy zainstalowane\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" .scr - open - C:\Windows\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2010-09-04 14:39:07 ----ASH---- C:\pagefile.sys 2010-09-04 14:37:36 ----D---- C:\_OTL 2010-09-03 12:49:22 ----D---- C:\rsit 2010-09-03 12:49:22 ----D---- C:\Program Files (x86)\trend micro 2010-09-02 17:21:41 ----D---- C:\Program Files (x86)\Google 2010-08-28 21:36:43 ----D---- C:\Program Files (x86)\NVIDIA Corporation 2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Roaming 2010-08-28 20:08:00 ----D---- C:\Users\Jarek\AppData\Roaming\Quest3D 2010-08-25 19:30:38 ----D---- C:\ProgramData\Gadu-Gadu 10 2010-08-25 12:20:09 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-08-21 15:45:00 ----D---- C:\ProgramData\NOS 2010-08-21 13:53:33 ----HD---- C:\Windows\AxInstSV 2010-08-11 20:04:32 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-11 20:04:23 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-11 20:04:22 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-11 20:04:20 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-11 20:04:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 
2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-11 20:04:16 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-11 20:04:14 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-08 11:15:14 ----D---- C:\Program Files (x86)\Ant Renamer ======List of files/folders modified in the last 1 months====== 2010-09-04 14:46:37 ----D---- C:\Windows\Temp 2010-09-04 14:39:47 ----SHD---- C:\System Volume Information 2010-09-04 14:39:31 ----A---- C:\Windows\win.ini 2010-09-04 14:37:37 ----D---- C:\Program Files (x86)\1257776604 2010-09-04 14:27:28 ----SHD---- C:\Windows\Installer 2010-09-04 14:27:27 ----SD---- C:\Users\Jarek\AppData\Roaming\Microsoft 2010-09-03 12:49:22 ----RD---- C:\Program Files (x86) 2010-09-02 17:21:43 ----D---- C:\Windows\Tasks 2010-08-31 19:46:11 ----D---- C:\Windows\System32 2010-08-31 19:46:11 ----D---- C:\Windows\inf 2010-08-28 21:36:45 ----D---- C:\Windows 2010-08-28 21:36:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2010-08-28 21:36:07 ----RSD---- C:\Windows\assembly 2010-08-28 21:32:19 ----D---- C:\Windows\Prefetch 2010-08-26 18:30:03 ----D---- C:\Windows\SysWOW64 2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\user32.dll 2010-08-26 18:30:03 ----A---- C:\Windows\SysWOW64\slwga.dll 2010-08-25 19:30:38 ----HD---- C:\ProgramData 2010-08-25 16:18:37 ----D---- C:\Windows\winsxs 2010-08-25 14:27:21 ----D---- C:\Windows\AppPatch 2010-08-24 13:07:03 ----D---- C:\Users\Jarek\AppData\Roaming\Adobe 2010-08-24 13:06:58 ----D---- C:\ProgramData\Adobe 2010-08-23 12:15:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-22 14:12:32 ----D---- C:\Users\Jarek\AppData\Roaming\Tropico3 2010-08-21 15:50:00 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-08-21 15:49:55 ----D---- C:\Program Files (x86)\Adobe 2010-08-21 15:47:57 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR 2010-08-13 13:10:12 ----D---- C:\Windows\Microsoft.NET 2010-08-12 12:54:30 ----D---- 
C:\Windows\SysWOW64\migration 2010-08-12 12:54:30 ----D---- C:\Program Files (x86)\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 ISODrive;ISO CD-ROM Device Driver; \??\D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys [2006-11-25 104152] R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [] R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2008-08-14 74720] R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [] R3 USB_RNDIS;ADSL2+ Modem USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023.sys [] R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [] S3 a0789mtu;a0789mtu; C:\Windows\SysWOW64\drivers\a0789mtu.sys [] S3 asypcf8h;asypcf8h; C:\Windows\SysWOW64\drivers\asypcf8h.sys [] S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [] S3 mfesmfk;McAfee Inc. 
mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 ST330;ST330; C:\Windows\system32\DRIVERS\st330.sys [] S3 STBUS;STBUS; C:\Windows\system32\DRIVERS\stbus.sys [] S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 StarWindServiceAE;StarWind AE Service; D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 WTService;WTService; C:\Windows\System32\atwtusb.exe -s [] R3 iPod Service;Usługa iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-10-28 545568] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-02 136176] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-16 1030600] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-27 655624] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 
Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log] [log]OTL logfile created on: 2010-09-04 14:41:56 - Run 4 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Jarek\Desktop\do logowania błędów 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39,06 Gb Total Space | 2,12 Gb Free Space | 5,43% Space Free | Partition Type: NTFS Drive D: | 196,24 Gb Total Space | 155,92 Gb Free Space | 79,45% Space Free | Partition Type: NTFS Drive E: | 230,46 Gb Total Space | 37,43 Gb Free Space | 16,24% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JAREK-KOMPUTER Current User Name: Jarek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-09-03 12:47:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Desktop\do logowania błędów\OTL.exe MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-07-16 10:07:57 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009-04-24 08:40:46 | 000,660,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV - [2009-12-27 13:58:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy zainstalowane\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH) DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330) DRV:[b]64bit:[/b] - [2009-11-26 19:43:41 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS) DRV:[b]64bit:[/b] - [2009-11-09 19:38:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023.sys -- (USB_RNDIS) DRV:[b]64bit:[/b] - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:[b]64bit:[/b] - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:[b]64bit:[/b] - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof 
-- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-04-16 21:18:26 | 000,007,808 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:[b]64bit:[/b] - [2009-03-08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:[b]64bit:[/b] - [2007-12-02 13:51:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,293,192 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:[b]64bit:[/b] - [2007-11-22 07:44:08 | 000,101,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:[b]64bit:[/b] - [2007-11-22 07:43:40 | 000,040,392 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:[b]64bit:[/b] - [2005-03-28 11:30:36 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2006-11-25 12:45:02 | 000,104,152 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy zainstalowane\UltraISO\drivers\ISODrv64.sys -- (ISODrive) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy zainstalowane\firefox\components [2010-08-08 09:47:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy zainstalowane\firefox\plugins [2010-08-21 18:45:03 | 000,000,000 | ---D | M] [2010-05-19 20:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions [2010-08-21 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\hgkuwe9f.default\extensions O1 HOSTS File: ([2010-07-31 14:46:16 | 000,001,382 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - 
Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\%VSINSTALL_DIR64%\scriptsn.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe () O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] D:\Programy zainstalowane\COREL DRAW\Languages\PL\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKCU..\Run: [AlcoholAutomount] D:\Programy zainstalowane\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programy zainstalowane\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ISUSPM Startup] C:\Pliki programów (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-02 11:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell - "" = AutoRun O33 - MountPoints2\{ce03e239-cd56-11de-8b6f-81b6b63d0472}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-09-04 14:37:36 | 000,000,000 | ---D | C] -- C:\_OTL [2010-09-03 12:56:51 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\do logowania błędów [2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010-09-03 12:49:22 | 000,000,000 | ---D | C] -- C:\rsit [2010-09-02 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010-08-28 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ShipSimExtremes Userdata [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Roaming [2010-08-28 20:08:00 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Quest3D [2010-08-25 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\załączniki do dokumentacji 02.6.1.1.2010 [2010-08-25 19:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2010-08-25 12:20:09 | 000,861,184 | ---- | C] (Microsoft 
[/log]
After the restart the error no longer appears; I hope everything in the logs is OK now.
Tomek01 comment 4 September 2010
Everything is OK except for this:
F2 - REG:system.ini: UserInit=userinit.exe
Did you carry out the instructions regarding this entry? Did you check the registry? Try removing it in HiJackThis in safe mode.