Request to check OTL logs

Degh

Please check my OTL logs; strange things are starting up with Windows, e.g. "application driver auto removal".

[log]OTL logfile created on: 2010-09-20 22:55:08 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 65,02 Gb Free Space | 27,92% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 139,37 Gb Free Space | 59,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEGH-2D6A971E51
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-09-20 22:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL_3.2.12.1(dobreprogramy.pl).exe
PRC - [2010-09-18 15:04:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-09-16 13:23:00 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-09-16 13:22:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-08-11 03:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2010-07-11 19:13:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
PRC - [2010-07-06 18:26:42 | 019,556,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2007-02-18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-09-20 22:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL_3.2.12.1(dobreprogramy.pl).exe
MOD - [2010-07-27 12:11:14 | 008,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shell32.dll
MOD - [2010-07-26 15:18:08 | 000,634,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rpcrt4.dll
MOD - [2010-06-24 14:45:22 | 011,077,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ieframe.dll
MOD - [2010-06-24 14:45:22 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\iertutil.dll
MOD - [2010-06-24 14:45:22 | 001,210,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\urlmon.dll
MOD - [2009-10-15 13:35:36 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shlwapi.dll
MOD - [2009-06-16 13:25:28 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\secur32.dll
MOD - [2009-03-21 09:47:30 | 001,009,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\kernel32.dll
MOD - [2009-03-19 19:51:22 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdll.dll
MOD - [2009-03-19 19:51:22 | 000,619,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\advapi32.dll
MOD - [2008-10-23 18:49:16 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\gdi32.dll
MOD - [2008-10-17 07:53:16 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\netapi32.dll
MOD - [2008-06-21 15:07:46 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\dnsapi.dll
MOD - [2007-12-13 16:28:08 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\oleaut32.dll
MOD - [2007-03-02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\user32.dll
MOD - [2007-02-18 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ole32.dll
MOD - [2007-02-18 14:00:00 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\setupapi.dll
MOD - [2007-02-18 14:00:00 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws03res.dll
MOD - [2007-02-18 14:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007-02-18 14:00:00 | 000,780,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\userenv.dll
MOD - [2007-02-18 14:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\clbcatq.dll
MOD - [2007-02-18 14:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcrt.dll
MOD - [2007-02-18 14:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTF.dll
MOD - [2007-02-18 14:00:00 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mstask.dll
MOD - [2007-02-18 14:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2007-02-18 14:00:00 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\uxtheme.dll
MOD - [2007-02-18 14:00:00 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wldap32.dll
MOD - [2007-02-18 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007-02-18 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007-02-18 14:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winspool.drv
MOD - [2007-02-18 14:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\apphelp.dll
MOD - [2007-02-18 14:00:00 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntmarta.dll
MOD - [2007-02-18 14:00:00 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imm32.dll
MOD - [2007-02-18 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2007-02-18 14:00:00 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\olepro32.dll
MOD - [2007-02-18 14:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2_32.dll
MOD - [2007-02-18 14:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\srclient.dll
MOD - [2007-02-18 14:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdsapi.dll
MOD - [2007-02-18 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mpr.dll
MOD - [2007-02-18 14:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\samlib.dll
MOD - [2007-02-18 14:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\psapi.dll
MOD - [2007-02-18 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2help.dll
MOD - [2007-02-18 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\version.dll
MOD - [2007-02-17 07:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\nvsvc64.exe -- (nvsvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\mnmsrvc.exe -- (mnmsrvc)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter)
SRV:[b]64bit:[/b] - [2010-05-06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2010-04-07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007-02-18 14:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2007-02-18 14:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-10-18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\Drivers\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi)
DRV:[b]64bit:[/b] - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys -- (nvnetbus)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvgts64.sys -- (nvgts64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys -- (nv)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nic1394.sys -- (NIC1394)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Monft64.sys -- (Monfilt64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\Drivers\LBeepKE.sys -- (LBeepKE)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- (Ip6Fw)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - File not found [File_System | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio)
DRV:[b]64bit:[/b] - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\arp1394.sys -- (Arp1394)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\Drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Ambft64.sys -- (Ambfilt64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec)
DRV - [2010-08-11 03:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2007-02-18 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]







IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: streamo.tv@lukow.pl:1.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-18 15:04:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-18 15:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-07-11 17:13:09 | 000,000,000 | ---D | M]

[2010-07-11 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010-09-20 14:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions
[2010-08-19 08:01:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-07-25 11:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\streamo.tv@lukow.pl
[2010-09-20 14:28:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-07-11 19:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-05-18 14:39:58 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCARDS.dll
[2010-07-11 19:13:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-06-26 09:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-06-26 09:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-06-26 09:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-06-26 09:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-06-26 09:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-06-26 09:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [KernelFaultCheck] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
NetSvcs:[b]64bit:[/b] DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found
NetSvcs:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
NetSvcs:[b]64bit:[/b] Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found
NetSvcs:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
NetSvcs:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
NetSvcs:[b]64bit:[/b] Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found
NetSvcs:[b]64bit:[/b] xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found
NetSvcs:[b]64bit:[/b] wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found

MsConfig:64bit - Services: "appdrvrem01"
MsConfig:64bit - Services: "nvsvc"
MsConfig:64bit - Services: "idsvc"
MsConfig:64bit - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe File not found
MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found
SafeBootMin:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found
SafeBootMin:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found
SafeBootMin:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found
SafeBootMin:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found
SafeBootMin:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] sermouse.sys - Driver
SafeBootMin:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
SafeBootMin:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found
SafeBootNet:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found
SafeBootNet:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found
SafeBootNet:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found
SafeBootNet:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found
SafeBootNet:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] ip6fw.sys - C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found
SafeBootNet:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - C:\WINDOWS\SysNative\sessmgr.exe File not found
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] sermouse.sys - Driver
SafeBootNet:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
SafeBootNet:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] UploadMgr - Service
SafeBootNet:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
SafeBootNet:[b]64bit:[/b] {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-09-20 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-09-19 22:54:27 | 009,970,920 | ---- | C] (BioWare) -- C:\Documents and Settings\Administrator\Desktop\daorigins.exe
[2010-09-18 15:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010-09-18 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010-09-18 15:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010-09-17 20:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\p95v2511
[2010-09-17 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340
[2010-09-17 20:48:57 | 002,325,792 | ---- | C] (CPUID) -- C:\Documents and Settings\Administrator\My Documents\cpuz64.exe
[2010-09-17 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010-09-15 21:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010-09-15 11:34:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010-09-15 11:33:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-09-15 11:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010-09-15 11:27:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-09-13 09:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dragon age dodatki
[2010-09-10 15:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-09-10 12:34:41 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\WINDOWS\SysWow64\B4FM.dll
[2010-09-10 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burn4Free
[2010-09-08 18:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-09-08 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BioWare
[2010-09-08 18:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2010-09-08 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010-09-04 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010-09-04 12:37:34 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\SysWow64\TwnLib20.dll
[2010-09-04 12:37:30 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\SysWow64\picn20.dll
[2010-09-04 12:37:29 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\SysWow64\imagr5.dll
[2010-09-04 12:37:29 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\imagx5.dll
[2010-09-04 12:37:28 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\ImagXpr5.dll
[2010-09-04 12:37:20 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\SysWow64\NeroCheck.exe
[2010-09-04 12:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010-09-04 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead
[2010-08-31 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2010-08-31 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fallout3
[2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive
[2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010-08-28 00:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010-08-27 10:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2010-08-27 10:40:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2010-08-27 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010-08-25 00:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2010-08-25 00:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010-08-25 00:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010-08-25 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010-08-25 00:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2K Games
[2010-08-23 20:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gstreamer-0.10
[2010-08-23 20:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-08-23 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenFM
[2010-08-23 14:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2010-08-22 08:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatsRunning
[2010-08-21 14:24:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-08-21 14:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010-08-20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AliensVsPredator
[2010-08-19 09:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-08-15 15:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Contacts
[2010-08-15 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010-08-15 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010-07-30 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\StarCraft II
[2010-07-30 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2010-07-30 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Phone Tools
[2010-07-30 11:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010-07-30 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010-07-29 15:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\muza
[2010-07-28 10:46:31 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010-07-28 10:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010-07-28 10:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\QuickTime
[2010-07-28 10:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010-07-24 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010-07-24 21:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2010-07-24 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-07-23 12:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet
[61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-10-08 12:53:32 | 000,674,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG
[2010-10-08 12:53:14 | 000,668,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG
[2010-10-08 12:50:08 | 000,669,315 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG
[2010-10-08 12:49:56 | 000,629,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG
[2010-10-08 12:49:26 | 000,646,100 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG
[2010-10-08 12:39:18 | 000,682,108 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG
[2010-10-08 12:37:50 | 000,665,207 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG
[2010-10-08 12:28:20 | 000,600,939 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG
[2010-09-20 22:31:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-20 22:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-20 22:30:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-20 22:30:08 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-09-20 22:30:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-09-20 22:30:04 | 006,417,914 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010-09-20 20:48:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-20 16:04:08 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-18 15:25:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-18 15:04:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010-09-18 12:53:48 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-09-17 20:47:30 | 001,055,367 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip
[2010-09-16 15:47:18 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-16 15:27:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-09-16 15:26:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2010-09-16 15:26:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2010-09-16 15:23:23 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-09-15 21:37:08 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc
[2010-09-15 11:33:26 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-09-12 23:28:17 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk
[2010-09-10 12:34:41 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010-09-10 12:34:41 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk
[2010-09-07 20:29:57 | 000,545,468 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg
[2010-09-07 20:29:50 | 000,522,299 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg
[2010-09-07 20:29:26 | 000,523,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg
[2010-09-07 20:29:04 | 000,515,185 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg
[2010-09-07 12:14:12 | 000,042,971 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg
[2010-09-05 23:56:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc
[2010-09-05 19:09:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVGA Precision.lnk
[2010-09-04 12:39:11 | 000,001,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010-09-04 12:39:11 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010-09-04 12:29:24 | 000,887,411 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip
[2010-09-02 17:27:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc
[2010-08-28 09:23:32 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk
[2010-08-27 13:34:34 | 000,017,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-08-26 21:35:55 | 000,134,144 | ---- | M] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2010-08-25 14:56:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk
[2010-08-21 14:05:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk
[2010-08-11 09:02:38 | 000,591,140 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010-08-09 16:55:01 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk
[2010-07-31 00:03:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-07-28 10:45:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010-07-28 10:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\QuickTime.qtp
[2010-07-23 12:48:53 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\proc-1037709799.bin
[61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-08 12:53:32 | 000,674,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG
[2010-10-08 12:53:14 | 000,668,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG
[2010-10-08 12:50:08 | 000,669,315 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG
[2010-10-08 12:49:56 | 000,629,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG
[2010-10-08 12:49:26 | 000,646,100 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG
[2010-09-18 15:05:07 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-18 15:05:06 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-18 12:53:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-09-17 20:48:57 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpuz.ini
[2010-09-17 20:47:30 | 001,055,367 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip
[2010-09-16 15:27:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-09-15 21:37:08 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc
[2010-09-10 12:34:41 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010-09-10 12:34:41 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk
[2010-09-09 12:11:58 | 049,073,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dragon_Age_Origins_-_Poradnik_Gry-OnLine.pdf
[2010-09-08 18:10:15 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk
[2010-09-07 20:29:57 | 000,545,468 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg
[2010-09-07 20:29:49 | 000,522,299 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg
[2010-09-07 20:29:26 | 000,523,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg
[2010-09-07 20:29:04 | 000,515,185 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg
[2010-09-07 18:59:42 | 000,665,207 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG
[2010-09-07 18:59:42 | 000,600,939 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG
[2010-09-07 18:59:41 | 000,682,108 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG
[2010-09-07 12:18:02 | 000,042,971 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg
[2010-09-06 16:26:24 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc
[2010-09-06 16:26:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc
[2010-09-06 13:07:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-04 12:39:11 | 000,001,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010-09-04 12:39:11 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010-09-04 12:29:22 | 000,887,411 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip
[2010-08-28 09:23:31 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk
[2010-08-25 14:56:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk
[2010-08-21 14:05:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk
[2010-08-09 16:55:01 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk
[2010-07-30 23:55:18 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-07-28 10:45:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010-07-28 10:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\QuickTime.qtp
[2010-07-23 12:48:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SysWow64\proc-1037709799.bin
[2010-07-13 21:54:47 | 000,134,144 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2010-07-13 21:54:44 | 000,207,360 | ---- | C] () -- C:\WINDOWS\SysWow64\evrprop.dll
[2010-07-13 21:54:08 | 000,080,384 | ---- | C] () -- C:\WINDOWS\SysWow64\mkzlib.dll
[2010-07-13 21:54:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\mkunicode.dll
[2010-07-13 18:39:34 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-12 16:32:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2010-07-11 16:49:13 | 000,591,140 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2007-02-18 14:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007-02-18 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007-02-18 14:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007-02-18 14:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007-02-18 14:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007-02-18 14:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007-02-18 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007-02-18 14:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007-02-18 14:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007-02-18 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007-02-18 14:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007-02-18 14:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007-02-18 14:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007-02-18 14:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007-02-18 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007-02-18 14:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007-02-18 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007-02-18 14:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-18 12:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BESTplayer
[2010-07-20 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command and Conquer 4
[2010-07-12 16:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu 10
[2010-07-23 12:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet
[2010-07-13 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010-08-15 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010-09-03 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2010-08-28 00:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010-08-23 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenFM
[2010-09-19 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2010-07-11 20:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010-09-08 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-07-30 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010-07-11 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-07-12 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2010-09-18 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010-09-20 22:30:10 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-09-20 22:30:49 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
< End of report >
[/log]


Thanks

Tomek01
comment

There isn't much to remove. I'll take care of it once I've seen the RSIT log.

Degh
comment (edited)

RSIT log
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-09-21 18:34:04
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 66 GB (28%) free of 238 GB
Total RAM: 4094 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:06, on 2010-09-21
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Pobieranie\RSIT.exe
C:\Program Files (x86)\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWow64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWow64\browseui.dll
O23 - Service: Dragon Age: Początek - Aktualizator zawartości (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7038 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job
C:\WINDOWS\tasks\RegistryBooster.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-11 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-21 36864]
"36X Raid Configurer"=C:\WINDOWS\SysWOW64\xRaidSetup.exe [2007-11-19 1970176]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"EVGAPrecision"=C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe [2010-08-11 302184]
"NeroFilterCheck"=C:\WINDOWS\SysWow64\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2010-09-18 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=lsass.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Split second\SplitSecond.exe"="D:\Split second\SplitSecond.exe:*:Enabled:Split/Second"
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files (x86)\Steam\Steam.exe"="C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam"
"D:\Dragon Age\bin_ship\daorigins.exe"="D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra"
"D:\Dragon Age\DAOriginsLauncher.exe"="D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy"
"D:\Dragon Age\bin_ship\daupdatersvc.service.exe"="D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Aktualizator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.ini - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.txt - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-21 18:34:04 ----D---- C:\rsit
2010-09-21 12:58:46 ----D---- C:\Program Files (x86)\OCCT
2010-09-20 22:10:31 ----D---- C:\Program Files (x86)\Trend Micro
2010-09-18 15:04:59 ----A---- C:\WINDOWS\SysWOW64\rmoc3260.dll
2010-09-18 15:04:54 ----A---- C:\WINDOWS\SysWOW64\pndx5032.dll
2010-09-18 15:04:54 ----A---- C:\WINDOWS\SysWOW64\pndx5016.dll
2010-09-18 15:04:45 ----D---- C:\Program Files (x86)\Common Files\xing shared
2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\msvcp71.dll
2010-09-18 15:04:30 ----D---- C:\Program Files (x86)\Common Files\Real
2010-09-18 15:04:29 ----D---- C:\Program Files (x86)\Real
2010-09-18 15:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-09-18 15:03:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
2010-09-17 18:34:32 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-09-16 15:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM11x64$
2010-09-16 15:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM11x64$
2010-09-16 15:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM11x64$
2010-09-16 15:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM11x64$
2010-09-16 15:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11x64$
2010-09-16 15:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569_WM11$
2010-09-16 15:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-09-16 15:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-09-16 15:23:34 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-09-16 15:23:05 ----HDC---- C:\WINDOWS\$NtUninstallwmp11-64$
2010-09-16 15:22:32 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11-64$
2010-09-16 15:22:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-09-15 21:49:17 ----D---- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2010-09-15 11:31:26 ----A---- C:\WINDOWS\SysWOW64\wininet.dll
2010-09-15 11:31:26 ----A---- C:\WINDOWS\SysWOW64\urlmon.dll
2010-09-15 11:31:25 ----A---- C:\WINDOWS\SysWOW64\mshtml.dll
2010-09-15 11:31:25 ----A---- C:\WINDOWS\SysWOW64\iepeers.dll
2010-09-15 11:27:33 ----HDC---- C:\WINDOWS\ie8
2010-09-15 11:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 11:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 11:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 11:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 11:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 11:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 11:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-10 15:11:28 ----D---- C:\WINDOWS\Minidump
2010-09-10 12:34:41 ----A---- C:\WINDOWS\SysWOW64\B4FM.dll
2010-09-10 12:34:39 ----D---- C:\Program Files (x86)\Burn4Free
2010-09-08 18:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare
2010-09-08 18:05:37 ----D---- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
2010-09-08 17:48:46 ----D---- C:\Program Files (x86)\Common Files\BioWare
2010-09-06 13:07:22 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-04 12:37:34 ----A---- C:\WINDOWS\SysWOW64\TwnLib20.dll
2010-09-04 12:37:30 ----A---- C:\WINDOWS\SysWOW64\picn20.dll
2010-09-04 12:37:29 ----A---- C:\WINDOWS\SysWOW64\imagx5.dll
2010-09-04 12:37:29 ----A---- C:\WINDOWS\SysWOW64\imagr5.dll
2010-09-04 12:37:28 ----A---- C:\WINDOWS\SysWOW64\ImagXpr5.dll
2010-09-04 12:37:20 ----D---- C:\Program Files (x86)\Common Files\Ahead
2010-09-04 12:37:20 ----A---- C:\WINDOWS\SysWOW64\NeroCheck.exe
2010-09-04 12:37:15 ----D---- C:\Program Files (x86)\Ahead
2010-08-31 13:14:05 ----D---- C:\WINDOWS\SysWOW64\xlive
2010-08-31 13:14:05 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-08-28 00:04:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Octoshape
2010-08-27 10:41:39 ----D---- C:\Program Files (x86)\Common Files\Designer
2010-08-27 10:40:56 ----HD---- C:\WINDOWS\ShellNew
2010-08-27 10:40:54 ----D---- C:\Program Files (x86)\Microsoft Office
2010-08-25 00:26:33 ----D---- C:\Documents and Settings\Administrator\Application Data\NVIDIA
2010-08-25 00:26:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-25 00:25:47 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-25 00:18:03 ----D---- C:\Program Files (x86)\Steam
2010-08-23 20:30:05 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM
2010-08-23 20:30:03 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenFM
2010-08-22 08:35:33 ----D---- C:\Program Files (x86)\WhatsRunning

======List of files/folders modified in the last 1 months======

2010-09-21 18:34:05 ----D---- C:\WINDOWS\Temp
2010-09-21 16:39:17 ----D---- C:\WINDOWS\system32
2010-09-21 15:36:16 ----D---- C:\WINDOWS
2010-09-21 14:43:21 ----SD---- C:\WINDOWS\Tasks
2010-09-21 14:43:14 ----D---- C:\Program Files (x86)\Uniblue
2010-09-21 14:32:52 ----HD---- C:\WINDOWS\inf
2010-09-21 14:19:31 ----D---- C:\NVIDIA
2010-09-21 14:15:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-21 12:58:46 ----RD---- C:\Program Files (x86)
2010-09-20 22:22:01 ----SHD---- C:\WINDOWS\Installer
2010-09-20 21:17:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-09-19 22:44:59 ----D---- C:\Program Files (x86)\JDownloader
2010-09-18 16:09:22 ----D---- C:\Program Files (x86)\EVGA Precision
2010-09-18 15:04:59 ----D---- C:\WINDOWS\SysWOW64
2010-09-18 15:04:45 ----D---- C:\Program Files (x86)\Common Files
2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\pncrt.dll
2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\msvcr71.dll
2010-09-18 12:53:48 ----D---- C:\Program Files (x86)\NAPI-PROJEKT
2010-09-18 12:34:03 ----D---- C:\Documents and Settings\Administrator\Application Data\BESTplayer
2010-09-18 12:04:39 ----RSD---- C:\WINDOWS\assembly
2010-09-18 11:56:35 ----D---- C:\WINDOWS\Prefetch
2010-09-16 15:47:18 ----A---- C:\WINDOWS\imsins.BAK
2010-09-16 15:23:23 ----A---- C:\WINDOWS\win.ini
2010-09-16 15:23:14 ----D---- C:\Program Files (x86)\Windows Media Player
2010-09-16 15:23:11 ----D---- C:\WINDOWS\Help
2010-09-16 13:23:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-15 16:36:38 ----D---- C:\Program Files (x86)\Gadu-Gadu 10
2010-09-15 12:07:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 11:33:20 ----RD---- C:\Program Files
2010-09-15 11:33:03 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-15 11:29:52 ----D---- C:\WINDOWS\WBEM
2010-09-15 11:29:52 ----D---- C:\WINDOWS\SysWOW64\wbem
2010-09-15 11:29:52 ----D---- C:\WINDOWS\SysWOW64\en-US
2010-09-15 11:29:36 ----D---- C:\WINDOWS\Media
2010-09-12 12:00:30 ----D---- C:\WINDOWS\WinSxS
2010-09-10 16:18:08 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-09-10 16:16:19 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-09-10 13:55:26 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-09-10 10:55:39 ----D---- C:\WINDOWS\SysWOW64\XVID
2010-09-08 15:11:22 ----D---- C:\WINDOWS\SysWOW64\MPEG2
2010-09-03 21:01:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Mumble
2010-08-31 13:14:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-28 09:23:25 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-08-28 00:04:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-08-27 13:33:10 ----D---- C:\WINDOWS\SysWOW64\Drivers
2010-08-27 10:41:44 ----D---- C:\Program Files (x86)\Common Files\Microsoft Shared
2010-08-27 10:41:17 ----D---- C:\Program Files (x86)\Common Files\System
2010-08-27 10:41:08 ----RSD---- C:\WINDOWS\Fonts
2010-08-27 10:39:26 ----D---- C:\WINDOWS\system
2010-08-26 21:35:55 ----A---- C:\WINDOWS\SysWOW64\xvidvfw.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys []
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys []
R0 nvgts64;nvgts64; C:\WINDOWS\system32\DRIVERS\nvgts64.sys []
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys []
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys []
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
R0 Wd;Microsoft Watchdog Timer Driver; C:\WINDOWS\system32\DRIVERS\wd.sys []
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys []
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys []
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS []
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys []
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys []
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys []
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys []
S3 ag3o3rtt;ag3o3rtt; C:\WINDOWS\SysWOW64\drivers\ag3o3rtt.sys []
S3 Ambfilt64;Ambfilt64; C:\WINDOWS\system32\drivers\Ambft64.sys []
S3 Monfilt64;Monfilt64; C:\WINDOWS\system32\drivers\Monft64.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys []
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS []
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Documents and Settings\Administrator\My Documents\RealTemp_340\WinRing0x64.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys []
S4 adpu320;adpu320; C:\WINDOWS\SysWOW64\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\SysWOW64\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\SysWOW64\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\SysWOW64\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\SysWOW64\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre6\bin\jqs.exe [2010-07-11 153376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 42336]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe []
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S4 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe svc []
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc64.exe []

-----------------EOF-----------------
[/log]

[log]info.txt logfile of random's system information tool 1.08 2010-09-21 18:34:08

======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.4 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001}
Burn4Free CD & DVD 5.0.0.0-->"C:\Program Files (x86)\Burn4Free\unins000.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"
Command & Conquer™ 4 Tyberyjski Zmierzch-->MsiExec.exe /X{82696435-8572-4D8B-A230-D1AA567D0F0F}
Disciples III-->"D:\Disciples III\unins000.exe"
Dragon Age: Początek-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
Driver Sweeper 2.1.0-->"C:\Program Files (x86)\Phyxion.net\Driver Sweeper\unins000.exe"
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
EVEREST Ultimate Edition v5.30-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
EVGA Precision 1.9.6-->"C:\Program Files (x86)\EVGA Precision\uninstall.exe"
Gadu-Gadu 10-->C:\Program Files (x86)\Gadu-Gadu 10\Uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Mafia II Update 1-->"D:\Mafia II\Mafia II\unins000.exe"
Mafia II-->"D:\Mafia II\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office XP Professional z programem FrontPage-->MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Motorola Phone Tools-->C:\Program Files (x86)\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.6.10)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files (x86)\MSN\MsnInstaller\msninst.exe /Action:ARP
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
NapiProjekt 1.0.6.9-->"C:\Program Files (x86)\NAPI-PROJEKT\unins000.exe"
Nero OEM-->C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OCCT Perestroika 3.1.0-->"C:\Program Files (x86)\OCCT\unins000.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Real Alternative 2.0.1 Lite-->"C:\Program Files (x86)\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Sniper Ghost Warrior-->"D:\Sniper Ghost Warrior\unins000.exe"
Split/Second-->"C:\Program Files (x86)\InstallShield Installation Information\{28526951-55EF-4901-A0CA-B9AC966D1DD1}\setup.exe" -runfromtemp -l0x0409 -removeonly
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab for Intel-->MsiExec.exe /I{ADD72094-D289-4714-A62E-70574478A2BC}
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Uniblue RegistryBooster-->"C:\Program Files (x86)\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC-->"C:\Program Files (x86)\Uniblue\SpeedUpMyPC\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: DEGH-2D6A971E51
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.1.4 for the Network Card
with network address 00044B1733E1 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 49
Source Name: Dhcp
Time Written: 20100711162035.000000+120
Event Type: Warning
User:

Computer Name: DEGH-2D6A971E51
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 48
Source Name: DCOM
Time Written: 20100711162034.000000+120
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: DEGH-2D6A971E51
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Record Number: 45
Source Name: DCOM
Time Written: 20100711162022.000000+120
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: DEGH-2D6A971E51
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 26
Source Name: DCOM
Time Written: 20100711161646.000000+120
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DEGH-2D6A971E51
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 25
Source Name: DCOM
Time Written: 20100711161646.000000+120
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: MACHINENAME
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.




Record Number: 24
Source Name: WinMgmt
Time Written: 20100711161121.000000+120
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.




Record Number: 23
Source Name: WinMgmt
Time Written: 20100711161121.000000+120
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20100711160906.000000+120
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20100711160906.000000+120
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100711160906.000000+120
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: MACHINENAME
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege

Record Number: 5
Source Name: Security
Time Written: 20100711160705.000000+120
Event Type: Audit Success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: MACHINENAME
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Caller User Name: MACHINENAME$

Caller Domain:

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 252

Transited Services: -

Source Network Address: -

Source Port: -


Record Number: 4
Source Name: Security
Time Written: 20100711160705.000000+120
Event Type: Audit Success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: MACHINENAME
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege

Record Number: 3
Source Name: Security
Time Written: 20100711160705.000000+120
Event Type: Audit Success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: MACHINENAME
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Caller User Name: MACHINENAME$

Caller Domain:

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 252

Transited Services: -

Source Network Address: -

Source Port: -


Record Number: 2
Source Name: Security
Time Written: 20100711160705.000000+120
Event Type: Audit Success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: MACHINENAME
Event Code: 612
Message: Audit Policy Change:

New Policy:

Success Failure

+ - Logon/Logoff

- - Object Access

- - Privilege Use

- - Account Management

- - Policy Change

- - System

- - Detailed Tracking

- - Directory Service Access

+ - Account Logon


Changed By:

User Name: MACHINENAME$

Domain Name:

Logon ID: (0x0,0x3E7)

Record Number: 1
Source Name: Security
Time Written: 20100711175948.000000+120
Event Type: Audit Success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=EM64T Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

I'm also posting a new OTL log, since I used one of those "miracle" registry-cleaning programs.

[log]OTL logfile created on: 2010-09-21 18:41:46 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 64,56 Gb Free Space | 27,72% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 139,37 Gb Free Space | 59,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEGH-2D6A971E51
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-09-21 18:38:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL.exe
PRC - [2010-09-18 15:04:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-09-16 13:22:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-09-13 01:09:56 | 012,653,152 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
PRC - [2010-08-30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010-08-11 03:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2010-07-11 19:13:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
PRC - [2010-07-06 18:26:42 | 019,556,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2007-02-18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-09-21 18:38:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL.exe
MOD - [2010-07-27 12:11:14 | 008,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shell32.dll
MOD - [2010-07-26 15:18:08 | 000,634,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rpcrt4.dll
MOD - [2009-10-15 13:35:36 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shlwapi.dll
MOD - [2009-06-16 13:25:28 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\secur32.dll
MOD - [2009-03-21 09:47:30 | 001,009,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\kernel32.dll
MOD - [2009-03-19 19:51:22 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdll.dll
MOD - [2009-03-19 19:51:22 | 000,619,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\advapi32.dll
MOD - [2008-10-23 18:49:16 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\gdi32.dll
MOD - [2007-12-13 16:28:08 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\oleaut32.dll
MOD - [2007-03-02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\user32.dll
MOD - [2007-02-18 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ole32.dll
MOD - [2007-02-18 14:00:00 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\setupapi.dll
MOD - [2007-02-18 14:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007-02-18 14:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\clbcatq.dll
MOD - [2007-02-18 14:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcrt.dll
MOD - [2007-02-18 14:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTF.dll
MOD - [2007-02-18 14:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll
MOD - [2007-02-18 14:00:00 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\uxtheme.dll
MOD - [2007-02-18 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007-02-18 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007-02-18 14:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winspool.drv
MOD - [2007-02-18 14:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\apphelp.dll
MOD - [2007-02-18 14:00:00 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imm32.dll
MOD - [2007-02-18 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
MOD - [2007-02-18 14:00:00 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\olepro32.dll
MOD - [2007-02-18 14:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\srclient.dll
MOD - [2007-02-18 14:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\psapi.dll
MOD - [2007-02-18 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\version.dll
MOD - [2007-02-17 07:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\nvsvc64.exe -- (nvsvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter)
SRV:[b]64bit:[/b] - [2010-05-06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2010-04-07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008-07-25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007-02-18 14:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2007-02-18 14:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-10-18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\Drivers\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi)
DRV:[b]64bit:[/b] - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys -- (nvnetbus)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvgts64.sys -- (nvgts64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys -- (nv)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nic1394.sys -- (NIC1394)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Monft64.sys -- (Monfilt64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\Drivers\LBeepKE.sys -- (LBeepKE)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- (Ip6Fw)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - File not found [File_System | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload)
DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio)
DRV:[b]64bit:[/b] - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\arp1394.sys -- (Arp1394)
DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\Drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Ambft64.sys -- (Ambfilt64)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec)
DRV - [2010-08-11 03:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2008-07-26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2007-02-18 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: streamo.tv@lukow.pl:1.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-18 15:04:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-18 15:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-07-11 17:13:09 | 000,000,000 | ---D | M]

[2010-07-11 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010-09-21 15:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions
[2010-08-19 08:01:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-07-25 11:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\streamo.tv@lukow.pl
[2010-09-21 15:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-07-11 19:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-05-18 14:39:58 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCARDS.dll
[2010-07-11 19:13:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-06-26 09:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-06-26 09:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-06-26 09:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-06-26 09:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-06-26 09:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-06-26 09:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [KernelFaultCheck] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093 (WUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
NetSvcs:[b]64bit:[/b] DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found
NetSvcs:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
NetSvcs:[b]64bit:[/b] Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found
NetSvcs:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
NetSvcs:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
NetSvcs:[b]64bit:[/b] Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found
NetSvcs:[b]64bit:[/b] xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found
NetSvcs:[b]64bit:[/b] wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found

MsConfig:64bit - Services: "appdrvrem01"
MsConfig:64bit - Services: "nvsvc"
MsConfig:64bit - Services: "idsvc"
MsConfig:64bit - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe File not found
MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found
SafeBootMin:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found
SafeBootMin:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found
SafeBootMin:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found
SafeBootMin:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found
SafeBootMin:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] sermouse.sys - Driver
SafeBootMin:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
SafeBootMin:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found
SafeBootNet:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found
SafeBootNet:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found
SafeBootNet:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found
SafeBootNet:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found
SafeBootNet:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] ip6fw.sys - C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found
SafeBootNet:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - C:\WINDOWS\SysNative\sessmgr.exe File not found
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] sermouse.sys - Driver
SafeBootNet:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found
SafeBootNet:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] UploadMgr - Service
SafeBootNet:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found
SafeBootNet:[b]64bit:[/b] {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-09-21 18:34:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010-09-21 14:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OCCT
[2010-09-21 12:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCCT
[2010-09-20 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010-09-19 22:54:27 | 009,970,920 | ---- | C] (BioWare) -- C:\Documents and Settings\Administrator\Desktop\daorigins.exe
[2010-09-18 15:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010-09-18 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010-09-18 15:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010-09-17 20:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\p95v2511
[2010-09-17 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340
[2010-09-17 20:48:57 | 002,325,792 | ---- | C] (CPUID) -- C:\Documents and Settings\Administrator\My Documents\cpuz64.exe
[2010-09-17 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010-09-15 21:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010-09-15 11:34:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010-09-15 11:33:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-09-15 11:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010-09-15 11:27:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-09-13 09:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dragon age dodatki
[2010-09-10 15:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-09-10 12:34:41 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\WINDOWS\SysWow64\B4FM.dll
[2010-09-10 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burn4Free
[2010-09-08 18:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-09-08 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BioWare
[2010-09-08 18:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2010-09-08 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010-09-04 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010-09-04 12:37:34 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\SysWow64\TwnLib20.dll
[2010-09-04 12:37:30 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\SysWow64\picn20.dll
[2010-09-04 12:37:29 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\SysWow64\imagr5.dll
[2010-09-04 12:37:29 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\imagx5.dll
[2010-09-04 12:37:28 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\ImagXpr5.dll
[2010-09-04 12:37:20 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\SysWow64\NeroCheck.exe
[2010-09-04 12:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010-09-04 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead
[2010-08-31 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2010-08-31 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fallout3
[2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive
[2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010-08-28 00:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010-08-27 10:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2010-08-27 10:40:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2010-08-27 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010-08-25 00:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2010-08-25 00:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010-08-25 00:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010-08-25 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010-08-25 00:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2K Games
[2010-08-23 20:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gstreamer-0.10
[2010-08-23 20:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-08-23 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenFM
[2010-08-23 14:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2010-08-22 08:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatsRunning
[2010-08-21 14:24:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010-08-21 14:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010-08-20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AliensVsPredator
[2010-08-19 09:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010-08-15 15:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Contacts
[2010-08-15 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010-08-15 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010-07-30 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\StarCraft II
[2010-07-30 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2010-07-30 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Phone Tools
[2010-07-30 11:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010-07-30 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010-07-29 15:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\muza
[2010-07-28 10:46:31 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010-07-28 10:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010-07-28 10:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\QuickTime
[2010-07-28 10:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010-07-24 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010-07-24 21:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2010-07-24 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-10-08 12:53:32 | 000,674,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG
[2010-10-08 12:53:14 | 000,668,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG
[2010-10-08 12:50:08 | 000,669,315 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG
[2010-10-08 12:49:56 | 000,629,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG
[2010-10-08 12:49:26 | 000,646,100 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG
[2010-10-08 12:39:18 | 000,682,108 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG
[2010-10-08 12:37:50 | 000,665,207 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG
[2010-10-08 12:28:20 | 000,600,939 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG
[2010-09-21 18:37:40 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-09-21 17:29:42 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-21 17:22:21 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Almost 65.doc
[2010-09-21 16:35:07 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-21 16:35:07 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010-09-21 16:35:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-21 16:35:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-21 16:32:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-09-21 16:22:37 | 007,481,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010-09-21 14:43:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010-09-21 14:43:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010-09-21 13:31:07 | 000,017,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-09-21 12:58:48 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OCCT.lnk
[2010-09-20 20:48:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-18 15:25:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-18 15:04:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll
[2010-09-18 12:53:48 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-09-17 20:47:30 | 001,055,367 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip
[2010-09-16 15:47:18 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-16 15:27:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-09-16 15:26:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2010-09-16 15:26:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2010-09-16 15:23:23 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-09-15 21:37:08 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc
[2010-09-15 11:33:26 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-09-12 23:28:17 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk
[2010-09-10 12:34:41 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010-09-10 12:34:41 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk
[2010-09-07 20:29:57 | 000,545,468 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg
[2010-09-07 20:29:50 | 000,522,299 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg
[2010-09-07 20:29:26 | 000,523,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg
[2010-09-07 20:29:04 | 000,515,185 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg
[2010-09-07 12:14:12 | 000,042,971 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg
[2010-09-05 23:56:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc
[2010-09-05 19:09:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVGA Precision.lnk
[2010-09-04 12:39:11 | 000,001,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010-09-04 12:39:11 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010-09-04 12:29:24 | 000,887,411 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip
[2010-09-02 17:27:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc
[2010-08-28 09:23:32 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk
[2010-08-26 21:35:55 | 000,134,144 | ---- | M] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2010-08-25 14:56:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk
[2010-08-21 14:05:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk
[2010-08-11 09:02:38 | 000,591,140 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010-08-09 16:55:01 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk
[2010-07-31 00:03:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-07-28 10:45:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010-07-28 10:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\QuickTime.qtp
[61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-08 12:53:32 | 000,674,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG
[2010-10-08 12:53:14 | 000,668,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG
[2010-10-08 12:50:08 | 000,669,315 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG
[2010-10-08 12:49:56 | 000,629,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG
[2010-10-08 12:49:26 | 000,646,100 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG
[2010-09-21 17:22:21 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Almost 65.doc
[2010-09-21 14:43:21 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2010-09-21 14:43:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010-09-21 14:43:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010-09-21 12:58:48 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OCCT.lnk
[2010-09-18 15:05:07 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-18 15:05:06 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job
[2010-09-18 12:53:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-09-17 20:48:57 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpuz.ini
[2010-09-17 20:47:30 | 001,055,367 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip
[2010-09-16 15:27:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010-09-15 21:37:08 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc
[2010-09-10 12:34:41 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010-09-10 12:34:41 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk
[2010-09-09 12:11:58 | 049,073,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dragon_Age_Origins_-_Poradnik_Gry-OnLine.pdf
[2010-09-08 18:10:15 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk
[2010-09-07 20:29:57 | 000,545,468 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg
[2010-09-07 20:29:49 | 000,522,299 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg
[2010-09-07 20:29:26 | 000,523,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg
[2010-09-07 20:29:04 | 000,515,185 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg
[2010-09-07 18:59:42 | 000,665,207 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG
[2010-09-07 18:59:42 | 000,600,939 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG
[2010-09-07 18:59:41 | 000,682,108 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG
[2010-09-07 12:18:02 | 000,042,971 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg
[2010-09-06 16:26:24 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc
[2010-09-06 16:26:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc
[2010-09-06 13:07:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-04 12:39:11 | 000,001,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010-09-04 12:39:11 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010-09-04 12:29:22 | 000,887,411 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip
[2010-08-28 09:23:31 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk
[2010-08-25 14:56:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk
[2010-08-21 14:05:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk
[2010-08-09 16:55:01 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk
[2010-07-30 23:55:18 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010-07-28 10:45:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010-07-28 10:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\QuickTime.qtp
[2010-07-13 21:54:47 | 000,134,144 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2010-07-13 21:54:44 | 000,207,360 | ---- | C] () -- C:\WINDOWS\SysWow64\evrprop.dll
[2010-07-13 21:54:08 | 000,080,384 | ---- | C] () -- C:\WINDOWS\SysWow64\mkzlib.dll
[2010-07-13 21:54:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\mkunicode.dll
[2010-07-13 18:39:34 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-12 16:32:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2010-07-11 16:49:13 | 000,591,140 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2007-02-18 14:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007-02-18 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007-02-18 14:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007-02-18 14:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007-02-18 14:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007-02-18 14:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007-02-18 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007-02-18 14:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007-02-18 14:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007-02-18 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007-02-18 14:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007-02-18 14:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007-02-18 14:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007-02-18 14:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007-02-18 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007-02-18 14:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007-02-18 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007-02-18 14:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-18 12:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BESTplayer
[2010-07-20 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command and Conquer 4
[2010-07-12 16:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu 10
[2010-07-23 12:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet
[2010-07-13 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010-08-15 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010-09-03 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble
[2010-08-28 00:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010-08-23 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenFM
[2010-09-19 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2010-07-11 20:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010-09-08 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-07-30 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010-07-11 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010-07-12 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2010-09-18 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010-09-21 16:35:07 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2010-09-21 16:32:20 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-09-21 16:34:55 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
< End of report >
[/log]

Tomek01
comment

Post a GMER log as well. Something looks odd to me here.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

Degh
comment (edited)

The DrWebCureIt scan found practically nothing, only some "small fry" like faketrojanalert; Malwarebytes found nothing. I'm adding the GMER log.
[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-21 19:50:00
Windows 5.2.3790 Service Pack 2
Running: v8vzjuui.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x93 0xE4 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x20 0xD8 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x91 0x65 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x54 0x28 0x9D 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x91 0x52 0xBC 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x91 0x52 0xBC 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x93 0xE4 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x20 0xD8 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x91 0x65 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x54 0x28 0x9D 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x91 0x52 0xBC 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x91 0x52 0xBC 0x21 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\My Documents\Pobieranie\launch.exe.part 41438568 bytes executable

---- EOF - GMER 1.0.15 ----
[/log]

Tomek01
comment

The GMER log was made in the wrong environment. Read this: http://www.searchengines.pl/index.php?act=announce&f=99&id=20 and make the log again. Tick rootkit - show all.

Degh
comment

I can't remove these SPTD keys from the registry; I tried RegAssassin and it couldn't manage it either. Daemon Tools is uninstalled, and so is the SPTD driver. Here is the GMER log; the "show all" option in GMER is inactive (I can't tick it).
[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 14:24:30
Windows 5.2.3790 Service Pack 2
Running: v8vzjuui.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2F 0x71 0x24 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2F 0x71 0x24 0x69 ...

---- EOF - GMER 1.0.15 ----
[/log]

Tomek01
comment

Download and use: [b][url="http://dlz.download.chip.eu/exec/r2r.pl?m=dlz;u=http%3A%2F%2Fdl03.chip.eu%2Fdownload%2Fdac1ec6c24f4a379220a8c081a755f00%2F4c9b9cb8%2F15149%2FIceSword122en.zip;ct=1;thc=1;b=15149;c=159799;tit=Beitrag+15149+PL;url=http%3A%2F%2Fdownload.chip.eu%2Fpl%2Fdownload_getfile_pl_2498954.html;sep=%7C;tid=128;tp=9%7C47;tc=005007000;tn=Antiviren-Tools;tpn=download+eu%7CSicherheit+%26+Hilfe;content_type=egc;cs=1"]Ice Sword 1.20[/url][/b]

Degh
comment

I don't know what's going on; I suspect the problem is the 64-bit system, but there is no separate version for 64-bit ;/

Tomek01
comment

Post a [i]Silent Runners[/i] log and a [i]Reglooks[/i] log.

Degh
comment

[log]"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows Server 2003 SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"JMB36X IDE Setup" = "C:\WINDOWS\RaidTool\xInsIDE.exe" [null data]
"36X Raid Configurer" = "C:\WINDOWS\SysWOW64\xRaidSetup.exe boot" ["JMicron Technology Corp."]
"Adobe Reader Speed Launcher" = ""C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"EVGAPrecision" = ""C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe" /s" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\SysWow64\NeroCheck.exe" ["Ahead Software Gmbh"]
"TkBellExe" = ""C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "hticons.dll" [file not found]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "ESET Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll" [MS]

"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" = "ShellPlusContextMenu"
-> {HKLM...CLSID} = "Burn4Freecontext menu"
\InProcServer32\(Default) = "C:\WINDOWS\SysWow64\B4FM.dll" ["Ikysasoft s.r.l. uninominale"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "lsass.exe" [file not found]

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<<!>> ("msapsspc.dll" [** WMI GetObject error **], "msnsspc.dll" [** WMI GetObject error **]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> EFS\DLLName = "sclgntfy.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
-> {HKLM...CLSID} = "WebView MIME Filter"
\InProcServer32\(Default) = "C:\WINDOWS\syswow64\SHELL32.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> cdo\CLSID = "{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
-> {HKLM...CLSID} = "Microsoft PKM KnowledgePluggable Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL" [MS]

<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\msvidctl.dll" [MS]

<<!>> gopher\CLSID = "{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "gopher: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\urlmon.dll" [MS]

<<!>> its\CLSID = "{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
-> {HKLM...CLSID} = "Microsoft InfoTech Protocols for IE 4.0"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\itss.dll" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> mhtml\CLSID = "{05300401-BCBC-11d0-85E3-00C04FD85AB4}"
-> {HKLM...CLSID} = "MHTML Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\inetcomm.dll" [MS]

<<!>> ms-its\CLSID = "{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
-> {HKLM...CLSID} = "Microsoft InfoTech Protocols for IE 4.0"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\itss.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> sysimage\CLSID = "{76E67A63-06E9-11D2-A840-006008059382}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\mshtml.dll" [MS]

<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\msvidctl.dll" [MS]

<<!>> wia\CLSID = "{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"
-> {HKLM...CLSID} = "WiaProtocol Class"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\wiascr.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

ShellPlusContextMenu\(Default) = "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}"
-> {HKLM...CLSID} = "Burn4Freecontext menu"
\InProcServer32\(Default) = "C:\WINDOWS\SysWow64\B4FM.dll" ["Ikysasoft s.r.l. uninominale"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [file not found]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSCDBurningOnArrival\
"Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17170"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]

MSOpenFolder\
"Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17155"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe" "%1"" [file not found]

MSPlayMediaOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.PlayMedia"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.PlayMedia\shell\play\DropTarget\CLSID = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\syswow64\wmpshell.dll" [MS]

MSPrintPicturesOnArrival\
"Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17159"
"InvokeProgID" = "Applications\shimgvw.dll"
"InvokeVerb" = "print"
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\command\(Default) = "rundll32.exe C:\WINDOWS\SysWOW64\shimgvw.dll,ImageView_Fullscreen %1" [MS]
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\DropTarget\CLSID = "{60fd46de-f830-4894-a628-6fa81bc0190d}"
-> {HKLM...CLSID} = "DropTarget Object for Photo Printing Wizard"
\InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\photowiz.dll" [MS]

MSSHAudioDevHandler\
"Provider" = "@%SystemRoot%\syswow64\Audiodev.dll,-501"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{640167b4-59b0-47a6-b335-a6b3c0695aea}"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "C:\WINDOWS\system32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MSShowPicturesOnArrival\
"Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17157"
"InvokeProgID" = "Shell.AutoplayForSlideShow.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Shell.AutoplayForSlideShow.1\shell\open\DropTarget\CLSID = "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"
-> {HKLM...CLSID} = "Shell Autoplay for Slideshow"
\LocalServer32\(Default) = "rundll32.exe C:\WINDOWS\SysWOW64\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [MS]

NeroAutoPlayEmptyCD\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay"
"InvokeVerb" = "EmptyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files (x86)\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files (x86)\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "C:\WINDOWS\system32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe" "%1"" ["Nullsoft, Inc."]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe"" ["Nullsoft, Inc."]


Enabled Scheduled Tasks:
------------------------

"RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RegistryBooster" -> launches: "C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe" ["Uniblue Systems Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
%SystemRoot%\system32\mswsock.dll [MS], 1 - 5


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic Updates, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [file not found]}
Background Intelligent Transfer Service, BITS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\qmgr.dll" [file not found]}
DCOM Server Process Launcher, DcomLaunch, "C:\WINDOWS\system32\svchost.exe -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [file not found]}
ESET Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"" ["ESET"]
Event Log, Eventlog, "C:\WINDOWS\system32\services.exe" [file not found]
HID Input Service, HidServ, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\hidserv.dll" [file not found]}
IPSEC Services, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [file not found]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Logical Disk Manager, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [file not found]}
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [file not found]
Protected Storage, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [file not found]
Remote Procedure Call (RPC), RpcSs, "C:\WINDOWS\system32\svchost.exe -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\WINDOWS\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [file not found]}
Server, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [file not found]}
System Restore Service, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [file not found]}
Terminal Services, TermService, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\termsrv.dll" [file not found]}
Windows Management Instrumentation, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [file not found]}
Workstation, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [file not found]}


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (title not found)


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "kbdclass" [file not found]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Local Port\Driver = "localspl.dll" [file not found]


---------- (launch time: 2010-09-25 21:54:43)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 18 seconds for message boxes)
[/log]
64 bit strikes again:
