Degh, posted 20 September 2010

Please check my OTL logs; strange things are starting up with Windows, for example "application driver auto removal".

[log]OTL logfile created on: 2010-09-20 22:55:08 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 81,00% Memory free 16,00 Gb Paging File | 15,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 65,02 Gb Free Space | 27,92% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 139,37 Gb Free Space | 59,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DEGH-2D6A971E51 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-09-20 22:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL_3.2.12.1(dobreprogramy.pl).exe PRC - [2010-09-18 15:04:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010-09-16 13:23:00 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010-09-16 13:22:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010-08-11 03:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe PRC - [2010-07-11 19:13:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe PRC - [2010-07-06 18:26:42 | 019,556,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2007-02-18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-09-20 22:33:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL_3.2.12.1(dobreprogramy.pl).exe MOD - [2010-07-27 12:11:14 | 008,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shell32.dll MOD - [2010-07-26 15:18:08 | 000,634,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rpcrt4.dll MOD - [2010-06-24 14:45:22 | 011,077,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ieframe.dll MOD - [2010-06-24 14:45:22 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\iertutil.dll MOD - [2010-06-24 14:45:22 | 001,210,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\urlmon.dll MOD - [2009-10-15 13:35:36 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shlwapi.dll MOD - [2009-06-16 13:25:28 | 
000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\secur32.dll MOD - [2009-03-21 09:47:30 | 001,009,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\kernel32.dll MOD - [2009-03-19 19:51:22 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdll.dll MOD - [2009-03-19 19:51:22 | 000,619,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\advapi32.dll MOD - [2008-10-23 18:49:16 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\gdi32.dll MOD - [2008-10-17 07:53:16 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\netapi32.dll MOD - [2008-06-21 15:07:46 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\dnsapi.dll MOD - [2007-12-13 16:28:08 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\oleaut32.dll MOD - [2007-03-02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\user32.dll MOD - [2007-02-18 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ole32.dll MOD - [2007-02-18 14:00:00 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\setupapi.dll MOD - [2007-02-18 14:00:00 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws03res.dll MOD - [2007-02-18 14:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll MOD - [2007-02-18 14:00:00 | 000,780,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\userenv.dll MOD - [2007-02-18 14:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\clbcatq.dll MOD - [2007-02-18 14:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcrt.dll MOD - [2007-02-18 14:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTF.dll MOD - [2007-02-18 14:00:00 | 000,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mstask.dll MOD - [2007-02-18 
14:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll MOD - [2007-02-18 14:00:00 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\uxtheme.dll MOD - [2007-02-18 14:00:00 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wldap32.dll MOD - [2007-02-18 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll MOD - [2007-02-18 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME MOD - [2007-02-18 14:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winspool.drv MOD - [2007-02-18 14:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\apphelp.dll MOD - [2007-02-18 14:00:00 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntmarta.dll MOD - [2007-02-18 14:00:00 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imm32.dll MOD - [2007-02-18 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx MOD - [2007-02-18 14:00:00 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\olepro32.dll MOD - [2007-02-18 14:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2_32.dll MOD - [2007-02-18 14:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\srclient.dll MOD - [2007-02-18 14:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdsapi.dll MOD - [2007-02-18 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\mpr.dll MOD - [2007-02-18 14:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\samlib.dll MOD - [2007-02-18 14:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\psapi.dll MOD - [2007-02-18 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ws2help.dll 
MOD - [2007-02-18 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\version.dll MOD - [2007-02-17 07:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr) SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\nvsvc64.exe -- (nvsvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDEdsdm) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- 
C:\WINDOWS\SysNative\mnmsrvc.exe -- (mnmsrvc) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\appdrvrem01.exe -- (appdrvrem01) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter) SRV:[b]64bit:[/b] - [2010-05-06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2010-04-07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2008-07-25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007-02-18 14:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet) SRV - [2007-02-18 14:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc) SRV - [2006-10-18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- 
(WMPNetworkSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\Drivers\wpdusb.sys -- (WpdUsb) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi) DRV:[b]64bit:[/b] - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys -- (nvnetbus) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvgts64.sys -- (nvgts64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- 
C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys -- (NVENETFD) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys -- (nv) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nic1394.sys -- (NIC1394) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motmodem.sys -- (motmodem) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgp.sys -- (motccgp) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Monft64.sys -- (Monfilt64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\Drivers\LBeepKE.sys -- (LBeepKE) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- 
(Ip6Fw) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\epfwtdir.sys -- (epfwtdir) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - File not found [File_System | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio) DRV:[b]64bit:[/b] - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\arp1394.sys -- (Arp1394) DRV:[b]64bit:[/b] - File not found 
[Kernel | System | Running] -- C:\WINDOWS\SysNative\Drivers\appdrv01.sys -- (appdrv01) Application Driver (01) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Ambft64.sys -- (Ambfilt64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec) DRV - [2010-08-11 03:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64) DRV - [2007-02-18 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: streamo.tv@lukow.pl:1.11 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-18 15:04:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-18 15:05:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-07-11 17:13:09 | 000,000,000 | ---D | M] [2010-07-11 16:33:12 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2010-09-20 14:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions [2010-08-19 08:01:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-25 11:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\streamo.tv@lukow.pl [2010-09-20 14:28:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010-07-11 19:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-18 14:39:58 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCARDS.dll [2010-07-11 19:13:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010-06-26 09:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-26 09:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-06-26 09:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-26 09:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-26 09:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-26 09:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml Hosts file not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O4:[b]64bit:[/b] - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [KernelFaultCheck] File not found O4:[b]64bit:[/b] - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common 
Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. 
- File not found O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found NetSvcs:[b]64bit:[/b] DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found NetSvcs:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found NetSvcs:[b]64bit:[/b] Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found NetSvcs:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found 
NetSvcs:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found NetSvcs:[b]64bit:[/b] Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found NetSvcs:[b]64bit:[/b] xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found NetSvcs:[b]64bit:[/b] wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found MsConfig:64bit - Services: "appdrvrem01" MsConfig:64bit - Services: "nvsvc" MsConfig:64bit - Services: "idsvc" MsConfig:64bit - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe File not found MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found SafeBootMin:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found SafeBootMin:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found SafeBootMin:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found SafeBootMin:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found SafeBootMin:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] sermouse.sys - Driver SafeBootMin:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found SafeBootMin:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found SafeBootNet:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found SafeBootNet:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found SafeBootNet:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found SafeBootNet:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found SafeBootNet:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] ip6fw.sys - C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found SafeBootNet:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - C:\WINDOWS\SysNative\sessmgr.exe File not found SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] sermouse.sys - Driver SafeBootNet:[b]64bit:[/b] sr.sys - 
C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found SafeBootNet:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] UploadMgr - Service SafeBootNet:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found SafeBootNet:[b]64bit:[/b] {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus 
Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-09-20 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010-09-19 22:54:27 | 009,970,920 | ---- | C] (BioWare) -- C:\Documents and Settings\Administrator\Desktop\daorigins.exe [2010-09-18 15:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2010-09-18 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real [2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real [2010-09-18 15:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real [2010-09-17 20:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\p95v2511 [2010-09-17 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340 [2010-09-17 20:48:57 | 002,325,792 | ---- | C] (CPUID) -- C:\Documents and Settings\Administrator\My Documents\cpuz64.exe [2010-09-17 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010-09-15 21:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab [2010-09-15 11:34:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2010-09-15 11:33:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010-09-15 11:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2010-09-15 11:27:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010-09-13 09:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dragon age dodatki [2010-09-10 15:11:28 | 000,000,000 | ---D | 
C] -- C:\WINDOWS\Minidump [2010-09-10 12:34:41 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\WINDOWS\SysWow64\B4FM.dll [2010-09-10 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burn4Free [2010-09-08 18:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BioWare [2010-09-08 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BioWare [2010-09-08 18:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP [2010-09-08 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2010-09-04 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead [2010-09-04 12:37:34 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\SysWow64\TwnLib20.dll [2010-09-04 12:37:30 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\SysWow64\picn20.dll [2010-09-04 12:37:29 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\SysWow64\imagr5.dll [2010-09-04 12:37:29 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\imagx5.dll [2010-09-04 12:37:28 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\ImagXpr5.dll [2010-09-04 12:37:20 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\SysWow64\NeroCheck.exe [2010-09-04 12:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-09-04 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead [2010-08-31 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games [2010-08-31 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fallout3 [2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive [2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010-08-28 
00:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape [2010-08-27 10:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2010-08-27 10:40:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew [2010-08-27 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010-08-25 00:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA [2010-08-25 00:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010-08-25 00:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010-08-25 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010-08-25 00:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2K Games [2010-08-23 20:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gstreamer-0.10 [2010-08-23 20:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-08-23 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenFM [2010-08-23 14:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com [2010-08-22 08:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatsRunning [2010-08-21 14:24:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010-08-21 14:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2010-08-20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AliensVsPredator [2010-08-19 09:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010-08-15 15:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Contacts [2010-08-15 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application 
Data\MSNInstaller [2010-08-15 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010-07-30 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\StarCraft II [2010-07-30 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software [2010-07-30 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Phone Tools [2010-07-30 11:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010-07-30 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield [2010-07-29 15:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\muza [2010-07-28 10:46:31 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2010-07-28 10:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2010-07-28 10:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\QuickTime [2010-07-28 10:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010-07-24 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010-07-24 21:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET [2010-07-24 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010-07-23 12:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet [61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-10-08 12:53:32 | 000,674,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG [2010-10-08 12:53:14 | 000,668,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My 
Documents\DSCN8645.JPG [2010-10-08 12:50:08 | 000,669,315 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG [2010-10-08 12:49:56 | 000,629,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG [2010-10-08 12:49:26 | 000,646,100 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG [2010-10-08 12:39:18 | 000,682,108 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG [2010-10-08 12:37:50 | 000,665,207 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG [2010-10-08 12:28:20 | 000,600,939 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG [2010-09-20 22:31:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-20 22:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-09-20 22:30:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-09-20 22:30:08 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-09-20 22:30:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-09-20 22:30:04 | 006,417,914 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010-09-20 20:48:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-20 16:04:08 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-18 15:25:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-09-18 15:04:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll [2010-09-18 12:53:48 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet 
Explorer\Quick Launch\NapiProjekt.lnk [2010-09-17 20:47:30 | 001,055,367 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip [2010-09-16 15:47:18 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-09-16 15:27:39 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010-09-16 15:26:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010-09-16 15:26:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010-09-16 15:23:23 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini [2010-09-15 21:37:08 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc [2010-09-15 11:33:26 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010-09-12 23:28:17 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk [2010-09-10 12:34:41 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk [2010-09-10 12:34:41 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk [2010-09-07 20:29:57 | 000,545,468 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg [2010-09-07 20:29:50 | 000,522,299 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg [2010-09-07 20:29:26 | 000,523,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg [2010-09-07 20:29:04 | 000,515,185 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg [2010-09-07 12:14:12 | 000,042,971 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg [2010-09-05 23:56:03 | 000,021,504 | 
---- | M] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc [2010-09-05 19:09:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVGA Precision.lnk [2010-09-04 12:39:11 | 000,001,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk [2010-09-04 12:39:11 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk [2010-09-04 12:29:24 | 000,887,411 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip [2010-09-02 17:27:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc [2010-08-28 09:23:32 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk [2010-08-27 13:34:34 | 000,017,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010-08-26 21:35:55 | 000,134,144 | ---- | M] () -- C:\WINDOWS\SysWow64\xvidvfw.dll [2010-08-25 14:56:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk [2010-08-21 14:05:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk [2010-08-11 09:02:38 | 000,591,140 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010-08-09 16:55:01 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk [2010-07-31 00:03:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk [2010-07-28 10:45:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010-07-28 
10:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\QuickTime.qtp [2010-07-23 12:48:53 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\proc-1037709799.bin [61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-10-08 12:53:32 | 000,674,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG [2010-10-08 12:53:14 | 000,668,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG [2010-10-08 12:50:08 | 000,669,315 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG [2010-10-08 12:49:56 | 000,629,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG [2010-10-08 12:49:26 | 000,646,100 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG [2010-09-18 15:05:07 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-18 15:05:06 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-18 12:53:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk [2010-09-17 20:48:57 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpuz.ini [2010-09-17 20:47:30 | 001,055,367 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip [2010-09-16 15:27:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010-09-15 21:37:08 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc [2010-09-10 12:34:41 | 000,000,688 | ---- | C] () -- C:\Documents 
and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk [2010-09-10 12:34:41 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk [2010-09-09 12:11:58 | 049,073,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dragon_Age_Origins_-_Poradnik_Gry-OnLine.pdf [2010-09-08 18:10:15 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk [2010-09-07 20:29:57 | 000,545,468 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg [2010-09-07 20:29:49 | 000,522,299 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg [2010-09-07 20:29:26 | 000,523,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg [2010-09-07 20:29:04 | 000,515,185 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg [2010-09-07 18:59:42 | 000,665,207 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG [2010-09-07 18:59:42 | 000,600,939 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG [2010-09-07 18:59:41 | 000,682,108 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG [2010-09-07 12:18:02 | 000,042,971 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg [2010-09-06 16:26:24 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc [2010-09-06 16:26:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc [2010-09-06 13:07:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-09-04 12:39:11 | 000,001,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk 
[2010-09-04 12:39:11 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk [2010-09-04 12:29:22 | 000,887,411 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip [2010-08-28 09:23:31 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk [2010-08-25 14:56:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk [2010-08-21 14:05:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk [2010-08-09 16:55:01 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk [2010-07-30 23:55:18 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk [2010-07-28 10:45:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010-07-28 10:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\QuickTime.qtp [2010-07-23 12:48:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\SysWow64\proc-1037709799.bin [2010-07-13 21:54:47 | 000,134,144 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll [2010-07-13 21:54:44 | 000,207,360 | ---- | C] () -- C:\WINDOWS\SysWow64\evrprop.dll [2010-07-13 21:54:08 | 000,080,384 | ---- | C] () -- C:\WINDOWS\SysWow64\mkzlib.dll [2010-07-13 21:54:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\mkunicode.dll [2010-07-13 18:39:34 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-12 16:32:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll [2010-07-11 16:49:13 | 000,591,140 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2009-11-06 10:58:04 | 
000,178,975 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat [2007-02-18 14:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2007-02-18 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2007-02-18 14:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2007-02-18 14:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2007-02-18 14:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll [2007-02-18 14:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2007-02-18 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2007-02-18 14:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2007-02-18 14:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll [2007-02-18 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll [2007-02-18 14:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2007-02-18 14:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2007-02-18 14:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2007-02-18 14:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2007-02-18 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2007-02-18 14:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2007-02-18 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2007-02-18 14:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll [color=#E56717]========== LOP Check ==========[/color] [2010-09-18 12:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BESTplayer [2010-07-20 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command and Conquer 4 [2010-07-12 16:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu 
10 [2010-07-23 12:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet [2010-07-13 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2010-08-15 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller [2010-09-03 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble [2010-08-28 00:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape [2010-08-23 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenFM [2010-09-19 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab [2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft [2010-07-11 20:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue [2010-09-08 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2010-07-30 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010-07-11 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010-07-12 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10 [2010-09-18 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2010-09-20 22:30:10 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-11 
16:12:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-09-20 22:30:49 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys < End of report > [/log]
Thanks
Tomek01 comment 21 September 2010
There is not much to remove. I will deal with it after seeing the RSIT log.
Degh comment 21 September 2010 Author (edited)
RSIT log [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Administrator at 2010-09-21 18:34:04 Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2 System drive C: has 66 GB (28%) free of 238 GB Total RAM: 4094 MB (78% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:34:06, on 2010-09-21 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files (x86)\Java\jre6\bin\jqs.exe C:\Program Files (x86)\Gadu-Gadu 10\gg.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\My Documents\Pobieranie\RSIT.exe C:\Program Files (x86)\trend micro\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no 
file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://runonce.msn.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWow64\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWow64\browseui.dll O23 - Service: Dragon Age: Początek - Aktualizator zawartości (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) -- End of file - 7038 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job C:\WINDOWS\tasks\RegistryBooster.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-11 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-21 36864] "36X Raid Configurer"=C:\WINDOWS\SysWOW64\xRaidSetup.exe [2007-11-19 1970176] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "EVGAPrecision"=C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe [2010-08-11 302184] "NeroFilterCheck"=C:\WINDOWS\SysWow64\NeroCheck.exe [2001-07-09 155648] "TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2010-09-18 202256] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS] C:\WINDOWS\system32\sclgntfy.dll [2007-02-18 19968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"=lsass.exe [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "ForceActiveDesktopOn"=0 "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Split second\SplitSecond.exe"="D:\Split second\SplitSecond.exe:*:Enabled:Split/Second" "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher" "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam" "C:\Program Files (x86)\Steam\Steam.exe"="C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam" "D:\Dragon Age\bin_ship\daorigins.exe"="D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra" "D:\Dragon Age\DAOriginsLauncher.exe"="D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy" "D:\Dragon 
Age\bin_ship\daupdatersvc.service.exe"="D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Aktualizator" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1 .ini - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1 .js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %* .txt - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1 .vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-09-21 18:34:04 ----D---- C:\rsit 2010-09-21 12:58:46 ----D---- C:\Program Files (x86)\OCCT 2010-09-20 22:10:31 ----D---- C:\Program Files (x86)\Trend Micro 2010-09-18 15:04:59 ----A---- C:\WINDOWS\SysWOW64\rmoc3260.dll 2010-09-18 15:04:54 ----A---- C:\WINDOWS\SysWOW64\pndx5032.dll 2010-09-18 15:04:54 ----A---- C:\WINDOWS\SysWOW64\pndx5016.dll 2010-09-18 15:04:45 ----D---- C:\Program Files (x86)\Common Files\xing shared 2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\msvcp71.dll 2010-09-18 15:04:30 ----D---- C:\Program Files (x86)\Common Files\Real 2010-09-18 15:04:29 ----D---- C:\Program Files (x86)\Real 2010-09-18 15:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\Real 2010-09-18 15:03:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Real 2010-09-17 18:34:32 ----D---- C:\Program Files (x86)\SystemRequirementsLab 2010-09-16 15:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM11x64$ 2010-09-16 
15:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM11x64$ 2010-09-16 15:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM11x64$ 2010-09-16 15:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM11x64$ 2010-09-16 15:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11x64$ 2010-09-16 15:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569_WM11$ 2010-09-16 15:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2010-09-16 15:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2010-09-16 15:23:34 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2010-09-16 15:23:05 ----HDC---- C:\WINDOWS\$NtUninstallwmp11-64$ 2010-09-16 15:22:32 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11-64$ 2010-09-16 15:22:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2010-09-15 21:49:17 ----D---- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab 2010-09-15 11:31:26 ----A---- C:\WINDOWS\SysWOW64\wininet.dll 2010-09-15 11:31:26 ----A---- C:\WINDOWS\SysWOW64\urlmon.dll 2010-09-15 11:31:25 ----A---- C:\WINDOWS\SysWOW64\mshtml.dll 2010-09-15 11:31:25 ----A---- C:\WINDOWS\SysWOW64\iepeers.dll 2010-09-15 11:27:33 ----HDC---- C:\WINDOWS\ie8 2010-09-15 11:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$ 2010-09-15 11:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$ 2010-09-15 11:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$ 2010-09-15 11:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$ 2010-09-15 11:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$ 2010-09-15 11:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$ 2010-09-15 11:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$ 2010-09-10 15:11:28 ----D---- C:\WINDOWS\Minidump 2010-09-10 12:34:41 ----A---- C:\WINDOWS\SysWOW64\B4FM.dll 2010-09-10 12:34:39 ----D---- C:\Program Files (x86)\Burn4Free 2010-09-08 18:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare 2010-09-08 18:05:37 ----D---- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP 2010-09-08 17:48:46 ----D---- C:\Program 
Files (x86)\Common Files\BioWare 2010-09-06 13:07:22 ----A---- C:\WINDOWS\NeroDigital.ini 2010-09-04 12:37:34 ----A---- C:\WINDOWS\SysWOW64\TwnLib20.dll 2010-09-04 12:37:30 ----A---- C:\WINDOWS\SysWOW64\picn20.dll 2010-09-04 12:37:29 ----A---- C:\WINDOWS\SysWOW64\imagx5.dll 2010-09-04 12:37:29 ----A---- C:\WINDOWS\SysWOW64\imagr5.dll 2010-09-04 12:37:28 ----A---- C:\WINDOWS\SysWOW64\ImagXpr5.dll 2010-09-04 12:37:20 ----D---- C:\Program Files (x86)\Common Files\Ahead 2010-09-04 12:37:20 ----A---- C:\WINDOWS\SysWOW64\NeroCheck.exe 2010-09-04 12:37:15 ----D---- C:\Program Files (x86)\Ahead 2010-08-31 13:14:05 ----D---- C:\WINDOWS\SysWOW64\xlive 2010-08-31 13:14:05 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2010-08-28 00:04:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Octoshape 2010-08-27 10:41:39 ----D---- C:\Program Files (x86)\Common Files\Designer 2010-08-27 10:40:56 ----HD---- C:\WINDOWS\ShellNew 2010-08-27 10:40:54 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-25 00:26:33 ----D---- C:\Documents and Settings\Administrator\Application Data\NVIDIA 2010-08-25 00:26:12 ----D---- C:\Program Files (x86)\NVIDIA Corporation 2010-08-25 00:25:47 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2010-08-25 00:18:03 ----D---- C:\Program Files (x86)\Steam 2010-08-23 20:30:05 ----D---- C:\Documents and Settings\All Users\Application Data\OpenFM 2010-08-23 20:30:03 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenFM 2010-08-22 08:35:33 ----D---- C:\Program Files (x86)\WhatsRunning ======List of files/folders modified in the last 1 months====== 2010-09-21 18:34:05 ----D---- C:\WINDOWS\Temp 2010-09-21 16:39:17 ----D---- C:\WINDOWS\system32 2010-09-21 15:36:16 ----D---- C:\WINDOWS 2010-09-21 14:43:21 ----SD---- C:\WINDOWS\Tasks 2010-09-21 14:43:14 ----D---- C:\Program Files (x86)\Uniblue 2010-09-21 14:32:52 ----HD---- C:\WINDOWS\inf 2010-09-21 14:19:31 ----D---- C:\NVIDIA 
2010-09-21 14:15:53 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-09-21 12:58:46 ----RD---- C:\Program Files (x86) 2010-09-20 22:22:01 ----SHD---- C:\WINDOWS\Installer 2010-09-20 21:17:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-09-19 22:44:59 ----D---- C:\Program Files (x86)\JDownloader 2010-09-18 16:09:22 ----D---- C:\Program Files (x86)\EVGA Precision 2010-09-18 15:04:59 ----D---- C:\WINDOWS\SysWOW64 2010-09-18 15:04:45 ----D---- C:\Program Files (x86)\Common Files 2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\pncrt.dll 2010-09-18 15:04:31 ----A---- C:\WINDOWS\SysWOW64\msvcr71.dll 2010-09-18 12:53:48 ----D---- C:\Program Files (x86)\NAPI-PROJEKT 2010-09-18 12:34:03 ----D---- C:\Documents and Settings\Administrator\Application Data\BESTplayer 2010-09-18 12:04:39 ----RSD---- C:\WINDOWS\assembly 2010-09-18 11:56:35 ----D---- C:\WINDOWS\Prefetch 2010-09-16 15:47:18 ----A---- C:\WINDOWS\imsins.BAK 2010-09-16 15:23:23 ----A---- C:\WINDOWS\win.ini 2010-09-16 15:23:14 ----D---- C:\Program Files (x86)\Windows Media Player 2010-09-16 15:23:11 ----D---- C:\WINDOWS\Help 2010-09-16 13:23:12 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-09-15 16:36:38 ----D---- C:\Program Files (x86)\Gadu-Gadu 10 2010-09-15 12:07:36 ----HD---- C:\WINDOWS\$hf_mig$ 2010-09-15 11:33:20 ----RD---- C:\Program Files 2010-09-15 11:33:03 ----D---- C:\Program Files (x86)\Internet Explorer 2010-09-15 11:29:52 ----D---- C:\WINDOWS\WBEM 2010-09-15 11:29:52 ----D---- C:\WINDOWS\SysWOW64\wbem 2010-09-15 11:29:52 ----D---- C:\WINDOWS\SysWOW64\en-US 2010-09-15 11:29:36 ----D---- C:\WINDOWS\Media 2010-09-12 12:00:30 ----D---- C:\WINDOWS\WinSxS 2010-09-10 16:18:08 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2010-09-10 16:16:19 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment 2010-09-10 13:55:26 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-09-10 10:55:39 ----D---- 
C:\WINDOWS\SysWOW64\XVID 2010-09-08 15:11:22 ----D---- C:\WINDOWS\SysWOW64\MPEG2 2010-09-03 21:01:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Mumble 2010-08-31 13:14:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-08-28 09:23:25 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2010-08-28 00:04:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla 2010-08-27 13:33:10 ----D---- C:\WINDOWS\SysWOW64\Drivers 2010-08-27 10:41:44 ----D---- C:\Program Files (x86)\Common Files\Microsoft Shared 2010-08-27 10:41:17 ----D---- C:\Program Files (x86)\Common Files\System 2010-08-27 10:41:08 ----RSD---- C:\WINDOWS\Fonts 2010-08-27 10:39:26 ----D---- C:\WINDOWS\system 2010-08-26 21:35:55 ----A---- C:\WINDOWS\SysWOW64\xvidvfw.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [] R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [] R0 nvgts64;nvgts64; C:\WINDOWS\system32\DRIVERS\nvgts64.sys [] R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [] R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [] R0 Wd;Microsoft Watchdog Timer Driver; C:\WINDOWS\system32\DRIVERS\wd.sys [] R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [] R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [] R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [] R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [] R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [] R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [] R2 LBeepKE;Logitech Beep 
Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS [] R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [] R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [] R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [] S3 ag3o3rtt;ag3o3rtt; C:\WINDOWS\SysWOW64\drivers\ag3o3rtt.sys [] S3 Ambfilt64;Ambfilt64; C:\WINDOWS\system32\drivers\Ambft64.sys [] S3 Monfilt64;Monfilt64; C:\WINDOWS\system32\drivers\Monft64.sys [] S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [] S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [] S3 MotoSwitchService;MotoSwitch 
Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [] S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [] S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Documents and Settings\Administrator\My Documents\RealTemp_340\WinRing0x64.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [] S4 adpu320;adpu320; C:\WINDOWS\SysWOW64\drivers\adpu320.sys [] S4 AmdIde;AmdIde; C:\WINDOWS\SysWOW64\drivers\AmdIde.sys [] S4 arc;arc; C:\WINDOWS\SysWOW64\drivers\arc.sys [] S4 iirsp;iirsp; C:\WINDOWS\SysWOW64\drivers\iirsp.sys [] S4 symmpi;symmpi; C:\WINDOWS\SysWOW64\drivers\symmpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-07 810120] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre6\bin\jqs.exe [2010-07-11 153376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service 
v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184] S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 42336] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [] S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848] S4 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe svc [] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808] S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc64.exe [] -----------------EOF----------------- [/log] [log]info.txt logfile of random's 
system information tool 1.08 2010-09-21 18:34:08 ======Uninstall list====== -->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Adobe Reader 9.3.4 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A93000000001} Burn4Free CD & DVD 5.0.0.0-->"C:\Program Files (x86)\Burn4Free\unins000.exe" Combined Community Codec Pack 2009-09-09-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe" Command & Conquer™ 4 Tyberyjski Zmierzch-->MsiExec.exe /X{82696435-8572-4D8B-A230-D1AA567D0F0F} Disciples III-->"D:\Disciples III\unins000.exe" Dragon Age: Początek-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe Driver Sweeper 2.1.0-->"C:\Program Files (x86)\Phyxion.net\Driver Sweeper\unins000.exe" eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} EVEREST Ultimate Edition v5.30-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe" EVGA Precision 1.9.6-->"C:\Program Files (x86)\EVGA Precision\uninstall.exe" Gadu-Gadu 10-->C:\Program Files (x86)\Gadu-Gadu 10\Uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield 
Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly Mafia II Update 1-->"D:\Mafia II\Mafia II\unins000.exe" Mafia II-->"D:\Mafia II\unins000.exe" Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C} Microsoft Office XP Professional z programem FrontPage-->MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Motorola Phone Tools-->C:\Program Files (x86)\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly Mozilla Firefox (3.6.10)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Program Files (x86)\MSN\MsnInstaller\msninst.exe /Action:ARP Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe NapiProjekt 1.0.6.9-->"C:\Program Files (x86)\NAPI-PROJEKT\unins000.exe" Nero OEM-->C:\Program Files (x86)\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} OCCT Perestroika 3.1.0-->"C:\Program Files (x86)\OCCT\unins000.exe" QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Real Alternative 2.0.1 Lite-->"C:\Program Files (x86)\Real Alternative\unins000.exe" RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield 
Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Sniper Ghost Warrior-->"D:\Sniper Ghost Warrior\unins000.exe" Split/Second-->"C:\Program Files (x86)\InstallShield Installation Information\{28526951-55EF-4901-A0CA-B9AC966D1DD1}\setup.exe" -runfromtemp -l0x0409 -removeonly StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab for Intel-->MsiExec.exe /I{ADD72094-D289-4714-A62E-70574478A2BC} System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Uniblue RegistryBooster-->"C:\Program Files (x86)\Uniblue\RegistryBooster\unins000.exe" Uniblue SpeedUpMyPC-->"C:\Program Files (x86)\Uniblue\SpeedUpMyPC\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe" Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======Security center information====== AV: ESET NOD32 Antivirus 4.2 ======System event log====== Computer Name: DEGH-2D6A971E51 Event Code: 1005 Message: Your computer has detected that the IP address 192.168.1.4 for the Network Card with network address 00044B1733E1 is already in use on the network. 
Your computer will automatically attempt to obtain a different address. Record Number: 49 Source Name: Dhcp Time Written: 20100711162035.000000+120 Event Type: Warning User: Computer Name: DEGH-2D6A971E51 Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. Record Number: 48 Source Name: DCOM Time Written: 20100711162034.000000+120 Event Type: Error User: NT AUTHORITY\NETWORK SERVICE Computer Name: DEGH-2D6A971E51 Event Code: 10016 Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. Record Number: 45 Source Name: DCOM Time Written: 20100711162022.000000+120 Event Type: Error User: NT AUTHORITY\NETWORK SERVICE Computer Name: DEGH-2D6A971E51 Event Code: 10016 Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool. Record Number: 26 Source Name: DCOM Time Written: 20100711161646.000000+120 Event Type: Error User: NT AUTHORITY\LOCAL SERVICE Computer Name: DEGH-2D6A971E51 Event Code: 10016 Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). 
This security permission can be modified using the Component Services administrative tool. Record Number: 25 Source Name: DCOM Time Written: 20100711161646.000000+120 Event Type: Error User: NT AUTHORITY\LOCAL SERVICE =====Application event log===== Computer Name: MACHINENAME Event Code: 5603 Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Record Number: 24 Source Name: WinMgmt Time Written: 20100711161121.000000+120 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: MACHINENAME Event Code: 5603 Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Record Number: 23 Source Name: WinMgmt Time Written: 20100711161121.000000+120 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: MACHINENAME Event Code: 63 Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. 
Record Number: 13 Source Name: WinMgmt Time Written: 20100711160906.000000+120 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: MACHINENAME Event Code: 63 Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 12 Source Name: WinMgmt Time Written: 20100711160906.000000+120 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: MACHINENAME Event Code: 63 Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 11 Source Name: WinMgmt Time Written: 20100711160906.000000+120 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Security event log===== Computer Name: MACHINENAME Event Code: 576 Message: Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Security Time Written: 20100711160705.000000+120 Event Type: Audit Success User: NT AUTHORITY\NETWORK SERVICE Computer Name: MACHINENAME Event Code: 528 Message: Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: MACHINENAME$ Caller Domain: Caller Logon ID: (0x0,0x3E7) Caller Process ID: 252 Transited Services: - Source Network Address: - Source Port: - Record Number: 4 Source Name: Security Time Written: 20100711160705.000000+120 Event Type: Audit Success User: NT AUTHORITY\NETWORK SERVICE Computer Name: MACHINENAME Event Code: 576 Message: Special privileges assigned to new logon: User Name: 
Domain: Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Record Number: 3 Source Name: Security Time Written: 20100711160705.000000+120 Event Type: Audit Success User: NT AUTHORITY\LOCAL SERVICE Computer Name: MACHINENAME Event Code: 528 Message: Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: MACHINENAME$ Caller Domain: Caller Logon ID: (0x0,0x3E7) Caller Process ID: 252 Transited Services: - Source Network Address: - Source Port: - Record Number: 2 Source Name: Security Time Written: 20100711160705.000000+120 Event Type: Audit Success User: NT AUTHORITY\LOCAL SERVICE Computer Name: MACHINENAME Event Code: 612 Message: Audit Policy Change: New Policy: Success Failure + - Logon/Logoff - - Object Access - - Privilege Use - - Account Management - - Policy Change - - System - - Detailed Tracking - - Directory Service Access + - Account Logon Changed By: User Name: MACHINENAME$ Domain Name: Logon ID: (0x0,0x3E7) Record Number: 1 Source Name: Security Time Written: 20100711175948.000000+120 Event Type: Audit Success User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=AMD64 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=EM64T Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log]
I'm also posting a new OTL log, since I used one of those "miracle" registry-cleaning programs.
[log]OTL logfile created on: 2010-09-21 
18:41:46 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free 16,00 Gb Paging File | 15,00 Gb Available in Paging File | 96,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 64,56 Gb Free Space | 27,72% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 139,37 Gb Free Space | 59,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DEGH-2D6A971E51 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-09-21 18:38:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL.exe PRC - [2010-09-18 15:04:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010-09-16 13:22:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010-09-13 01:09:56 | 012,653,152 | ---- | M] (GG Network S.A.) 
-- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe PRC - [2010-08-30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010-08-11 03:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe PRC - [2010-07-11 19:13:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe PRC - [2010-07-06 18:26:42 | 019,556,968 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2007-02-18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-09-21 18:38:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL.exe MOD - [2010-07-27 12:11:14 | 008,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shell32.dll MOD - [2010-07-26 15:18:08 | 000,634,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rpcrt4.dll MOD - [2009-10-15 13:35:36 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\shlwapi.dll MOD - [2009-06-16 13:25:28 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\secur32.dll MOD - [2009-03-21 09:47:30 | 001,009,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\kernel32.dll MOD - [2009-03-19 19:51:22 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ntdll.dll MOD - [2009-03-19 19:51:22 | 000,619,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\advapi32.dll MOD - [2008-10-23 18:49:16 | 000,292,352 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\SysWOW64\gdi32.dll MOD - [2007-12-13 16:28:08 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\oleaut32.dll MOD - [2007-03-02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\user32.dll MOD - [2007-02-18 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ole32.dll MOD - [2007-02-18 14:00:00 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\setupapi.dll MOD - [2007-02-18 14:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll MOD - [2007-02-18 14:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\clbcatq.dll MOD - [2007-02-18 14:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msvcrt.dll MOD - [2007-02-18 14:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTF.dll MOD - [2007-02-18 14:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll MOD - [2007-02-18 14:00:00 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\uxtheme.dll MOD - [2007-02-18 14:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll MOD - [2007-02-18 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME MOD - [2007-02-18 14:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winspool.drv MOD - [2007-02-18 14:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\apphelp.dll MOD - [2007-02-18 14:00:00 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imm32.dll MOD - [2007-02-18 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx MOD - [2007-02-18 14:00:00 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\olepro32.dll MOD - [2007-02-18 14:00:00 | 000,072,704 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\SysWOW64\srclient.dll MOD - [2007-02-18 14:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\psapi.dll MOD - [2007-02-18 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\version.dll MOD - [2007-02-17 07:58:24 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\xmlprov.dll -- (xmlprov) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wzcsvc.dll -- (WZCSVC) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\wuauserv.dll -- (wuauserv) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\advapi32.dll -- (Wmi) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ups.exe -- (UPS) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\tlntsvr.exe -- (TlntSvr) SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\WINDOWS\SysNative\smlogsvc.exe -- (SysmonLog) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\srsvc.dll -- (srservice) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\SCardSvr.exe -- (SCardSvr) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sessmgr.exe -- (RDSessMgr) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (PlugPlay) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\nvsvc64.exe -- (nvsvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ntmssvc.dll -- (NtmsSvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- 
(NetDDEdsdm) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\netdde.exe -- (NetDDE) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\msgsvc.dll -- (Messenger) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\imapi.exe -- (ImapiService) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\w3ssl.dll -- (HTTPFilter) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\services.exe -- (Eventlog) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ersvc.dll -- (ERSvc) SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\WINDOWS\SysNative\dmserver.dll -- (dmserver) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dmadmin.exe -- (dmadmin) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\clipsrv.exe -- (ClipSrv) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\cisvc.exe -- (CiSvc) SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\appdrvrem01.exe -- (appdrvrem01) SRV:[b]64bit:[/b] - File not found [Disabled | Stopped] -- C:\WINDOWS\SysNative\alrsvc.dll -- (Alerter) SRV:[b]64bit:[/b] - [2010-05-06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2010-04-07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2008-07-25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2007-10-18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007-02-18 14:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet) SRV - [2007-02-18 14:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc) SRV - [2006-10-18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- 
(WMPNetworkSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\Drivers\wpdusb.sys -- (WpdUsb) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdmaud.sys -- (wdmaud) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\update.sys -- (Update) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sysaudio.sys -- (sysaudio) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\swmidi.sys -- (swmidi) DRV:[b]64bit:[/b] - File not found [File_System | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\sr.sys -- (sr) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\splitter.sys -- (splitter) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys -- (redbook) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys -- (Raspti) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys -- (Ptilink) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\psched.sys -- (PSched) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys -- (nvnetbus) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\nvgts64.sys -- (nvgts64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- 
C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys -- (NVENETFD) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys -- (nv) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\nic1394.sys -- (NIC1394) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motmodem.sys -- (motmodem) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\motccgp.sys -- (motccgp) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Monft64.sys -- (Monfilt64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\Drivers\LBeepKE.sys -- (LBeepKE) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\kmixer.sys -- (kmixer) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys -- (IPSec) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys -- 
(Ip6Fw) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys -- (imapi) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys -- (Gpc) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys -- (Ftdisk) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\epfwtdir.sys -- (epfwtdir) DRV:[b]64bit:[/b] - File not found [Kernel | System | Running] -- C:\WINDOWS\SysNative\DRIVERS\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - File not found [File_System | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmload.sys -- (dmload) DRV:[b]64bit:[/b] - File not found [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dmio.sys -- (dmio) DRV:[b]64bit:[/b] - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\dmboot.sys -- (dmboot) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys -- (CdaD10BA) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys -- (CdaC15BA) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys -- (audstub) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys -- (Atmarpc) DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\DRIVERS\arp1394.sys -- (Arp1394) DRV:[b]64bit:[/b] - File not found 
[Kernel | System | Running] -- C:\WINDOWS\SysNative\Drivers\appdrv01.sys -- (appdrv01) Application Driver (01) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Ambft64.sys -- (Ambfilt64) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aec.sys -- (aec) DRV - [2010-08-11 03:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64) DRV - [2008-07-26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2007-02-18 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2561535148-1452933733-681565869-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: streamo.tv@lukow.pl:1.11 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-18 15:04:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-18 15:05:09 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-07-11 17:13:09 | 000,000,000 | ---D | M] [2010-07-11 16:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2010-09-21 15:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions [2010-08-19 08:01:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-25 11:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\co9nf5gr.default\extensions\streamo.tv@lukow.pl [2010-09-21 15:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010-07-11 19:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-18 14:39:58 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCARDS.dll [2010-07-11 19:13:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010-06-26 09:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-26 09:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-06-26 09:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-26 09:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-26 09:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-26 09:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml Hosts file not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [KernelFaultCheck] File not found O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.) 
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2561535148-1452933733-681565869-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278858857093 (WUWebControl Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found O21:[b]64bit:[/b] - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- 
"%1" %* NetSvcs:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found NetSvcs:[b]64bit:[/b] DMServer - C:\WINDOWS\SysNative\dmserver.dll File not found NetSvcs:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found NetSvcs:[b]64bit:[/b] Ntmssvc - C:\WINDOWS\SysNative\ntmssvc.dll File not found NetSvcs:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found NetSvcs:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found NetSvcs:[b]64bit:[/b] Wmi - C:\WINDOWS\SysNative\advapi32.dll File not found NetSvcs:[b]64bit:[/b] xmlprov - C:\WINDOWS\SysNative\xmlprov.dll File not found NetSvcs:[b]64bit:[/b] wuauserv - C:\WINDOWS\SysNative\wuauserv.dll File not found MsConfig:64bit - Services: "appdrvrem01" MsConfig:64bit - Services: "nvsvc" MsConfig:64bit - Services: "idsvc" MsConfig:64bit - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe File not found MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found SafeBootMin:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found SafeBootMin:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found SafeBootMin:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found SafeBootMin:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found SafeBootMin:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] sermouse.sys - Driver SafeBootMin:[b]64bit:[/b] sr.sys - C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found SafeBootMin:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\WINDOWS\SysNative\appmgmts.dll File not found SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] dmadmin - C:\WINDOWS\SysNative\dmadmin.exe File not found SafeBootNet:[b]64bit:[/b] dmboot.sys - C:\WINDOWS\SysNative\drivers\dmboot.sys File not found SafeBootNet:[b]64bit:[/b] dmio.sys - C:\WINDOWS\SysNative\drivers\dmio.sys File not found SafeBootNet:[b]64bit:[/b] dmload.sys - C:\WINDOWS\SysNative\drivers\dmload.sys File not found SafeBootNet:[b]64bit:[/b] dmserver - C:\WINDOWS\SysNative\dmserver.dll File not found SafeBootNet:[b]64bit:[/b] EventLog - C:\WINDOWS\SysNative\services.exe File not found SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] ip6fw.sys - C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found SafeBootNet:[b]64bit:[/b] Messenger - C:\WINDOWS\SysNative\msgsvc.dll File not found SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PlugPlay - C:\WINDOWS\SysNative\services.exe File not found SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - C:\WINDOWS\SysNative\sessmgr.exe File not found SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] sermouse.sys - Driver SafeBootNet:[b]64bit:[/b] sr.sys - 
C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found SafeBootNet:[b]64bit:[/b] SRService - C:\WINDOWS\SysNative\srsvc.dll File not found SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] UploadMgr - Service SafeBootNet:[b]64bit:[/b] WZCSVC - C:\WINDOWS\SysNative\wzcsvc.dll File not found SafeBootNet:[b]64bit:[/b] {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus 
Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-09-21 18:34:04 | 000,000,000 | ---D | C] -- C:\rsit [2010-09-21 14:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\OCCT [2010-09-21 12:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCCT [2010-09-20 22:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010-09-19 22:54:27 | 009,970,920 | ---- | C] (BioWare) -- C:\Documents and Settings\Administrator\Desktop\daorigins.exe [2010-09-18 15:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2010-09-18 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real [2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2010-09-18 15:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real [2010-09-18 15:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real [2010-09-17 20:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\p95v2511 [2010-09-17 20:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RealTemp_340 [2010-09-17 20:48:57 | 002,325,792 | ---- | C] (CPUID) -- C:\Documents and Settings\Administrator\My Documents\cpuz64.exe [2010-09-17 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2010-09-15 21:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab [2010-09-15 11:34:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2010-09-15 11:33:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010-09-15 11:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and 
Settings\Administrator\IETldCache [2010-09-15 11:27:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010-09-13 09:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dragon age dodatki [2010-09-10 15:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010-09-10 12:34:41 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\WINDOWS\SysWow64\B4FM.dll [2010-09-10 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burn4Free [2010-09-08 18:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BioWare [2010-09-08 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BioWare [2010-09-08 18:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP [2010-09-08 17:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2010-09-04 12:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead [2010-09-04 12:37:34 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\SysWow64\TwnLib20.dll [2010-09-04 12:37:30 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) 
-- C:\WINDOWS\SysWow64\picn20.dll [2010-09-04 12:37:29 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\SysWow64\imagr5.dll [2010-09-04 12:37:29 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\imagx5.dll [2010-09-04 12:37:28 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\SysWow64\ImagXpr5.dll [2010-09-04 12:37:20 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\SysWow64\NeroCheck.exe [2010-09-04 12:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-09-04 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead [2010-08-31 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games [2010-08-31 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Fallout3 [2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive [2010-08-31 13:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010-08-28 00:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape [2010-08-27 10:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2010-08-27 10:40:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew [2010-08-27 10:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010-08-25 00:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA [2010-08-25 00:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010-08-25 00:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010-08-25 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010-08-25 00:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2K Games [2010-08-23 20:30:24 | 000,000,000 | ---D | C] 
-- C:\Documents and Settings\Administrator\.gstreamer-0.10 [2010-08-23 20:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-08-23 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenFM [2010-08-23 14:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com [2010-08-22 08:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatsRunning [2010-08-21 14:24:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010-08-21 14:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2010-08-20 22:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AliensVsPredator [2010-08-19 09:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010-08-15 15:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Contacts [2010-08-15 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller [2010-08-15 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010-07-30 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\StarCraft II [2010-07-30 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software [2010-07-30 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Phone Tools [2010-07-30 11:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010-07-30 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield [2010-07-29 15:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\muza [2010-07-28 10:46:31 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2010-07-28 10:45:58 | 000,000,000 | ---D | C] -- C:\Documents 
and Settings\All Users\Application Data\QuickTime [2010-07-28 10:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\QuickTime [2010-07-28 10:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010-07-24 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010-07-24 21:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET [2010-07-24 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-10-08 12:53:32 | 000,674,933 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG [2010-10-08 12:53:14 | 000,668,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG [2010-10-08 12:50:08 | 000,669,315 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG [2010-10-08 12:49:56 | 000,629,652 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG [2010-10-08 12:49:26 | 000,646,100 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG [2010-10-08 12:39:18 | 000,682,108 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG [2010-10-08 12:37:50 | 000,665,207 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG [2010-10-08 12:28:20 | 000,600,939 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG [2010-09-21 18:37:40 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-09-21 17:29:42 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-21 17:22:21 | 000,021,504 | ---- | M] () -- 
C:\Documents and Settings\Administrator\Desktop\Almost 65.doc [2010-09-21 16:35:07 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-21 16:35:07 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010-09-21 16:35:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-09-21 16:35:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-09-21 16:32:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-09-21 16:22:37 | 007,481,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010-09-21 14:43:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk [2010-09-21 14:43:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk [2010-09-21 13:31:07 | 000,017,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010-09-21 12:58:48 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OCCT.lnk [2010-09-20 20:48:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-18 15:25:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-09-18 15:04:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\SysWow64\pncrt.dll [2010-09-18 12:53:48 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk [2010-09-17 20:47:30 | 001,055,367 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip [2010-09-16 15:47:18 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-09-16 15:27:39 | 000,000,830 | ---- | M] () -- C:\Documents and 
Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010-09-16 15:26:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb [2010-09-16 15:26:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb [2010-09-16 15:23:23 | 000,000,562 | ---- | M] () -- C:\WINDOWS\win.ini [2010-09-15 21:37:08 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc [2010-09-15 11:33:26 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010-09-12 23:28:17 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk [2010-09-10 12:34:41 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk [2010-09-10 12:34:41 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk [2010-09-07 20:29:57 | 000,545,468 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg [2010-09-07 20:29:50 | 000,522,299 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg [2010-09-07 20:29:26 | 000,523,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg [2010-09-07 20:29:04 | 000,515,185 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg [2010-09-07 12:14:12 | 000,042,971 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg [2010-09-05 23:56:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc [2010-09-05 19:09:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVGA Precision.lnk [2010-09-04 12:39:11 | 000,001,299 | ---- | 
M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk [2010-09-04 12:39:11 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk [2010-09-04 12:29:24 | 000,887,411 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip [2010-09-02 17:27:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc [2010-08-28 09:23:32 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk [2010-08-26 21:35:55 | 000,134,144 | ---- | M] () -- C:\WINDOWS\SysWow64\xvidvfw.dll [2010-08-25 14:56:15 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk [2010-08-21 14:05:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk [2010-08-11 09:02:38 | 000,591,140 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2010-08-09 16:55:01 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk [2010-07-31 00:03:21 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk [2010-07-28 10:45:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010-07-28 10:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\QuickTime.qtp [61 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-10-08 12:53:32 | 000,674,933 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646.JPG [2010-10-08 12:53:14 | 000,668,128 | ---- | C] () -- 
C:\Documents and Settings\Administrator\My Documents\DSCN8645.JPG [2010-10-08 12:50:08 | 000,669,315 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644.JPG [2010-10-08 12:49:56 | 000,629,652 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8643.JPG [2010-10-08 12:49:26 | 000,646,100 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642.JPG [2010-09-21 17:22:21 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Almost 65.doc [2010-09-21 14:43:21 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010-09-21 14:43:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk [2010-09-21 14:43:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk [2010-09-21 12:58:48 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OCCT.lnk [2010-09-18 15:05:07 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-18 15:05:06 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500.job [2010-09-18 12:53:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk [2010-09-17 20:48:57 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpuz.ini [2010-09-17 20:47:30 | 001,055,367 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\p95v2511.zip [2010-09-16 15:27:39 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010-09-15 21:37:08 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zad.doc 
[2010-09-10 12:34:41 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk [2010-09-10 12:34:41 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Burn4Free.lnk [2010-09-09 12:11:58 | 049,073,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dragon_Age_Origins_-_Poradnik_Gry-OnLine.pdf [2010-09-08 18:10:15 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to daorigins.exe.lnk [2010-09-07 20:29:57 | 000,545,468 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8644r.jpg [2010-09-07 20:29:49 | 000,522,299 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8645r.jpg [2010-09-07 20:29:26 | 000,523,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8646r.jpg [2010-09-07 20:29:04 | 000,515,185 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8642r.jpg [2010-09-07 18:59:42 | 000,665,207 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8640.JPG [2010-09-07 18:59:42 | 000,600,939 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8639.JPG [2010-09-07 18:59:41 | 000,682,108 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DSCN8641.JPG [2010-09-07 12:18:02 | 000,042,971 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\skanuj.jpg [2010-09-06 16:26:24 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\This short text presents us history of United States of America.doc [2010-09-06 16:26:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Białystok dnia 2.doc [2010-09-06 13:07:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-09-04 12:39:11 | 000,001,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk [2010-09-04 12:39:11 | 000,001,281 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk [2010-09-04 12:29:22 | 000,887,411 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cpu-z_1.55-64bits-en.zip [2010-08-28 09:23:31 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom Microsoft Outlook.lnk [2010-08-25 14:56:15 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mafia2.exe.lnk [2010-08-21 14:05:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EVEREST Ultimate Edition.lnk [2010-08-09 16:55:01 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SplitSecond.exe.lnk [2010-07-30 23:55:18 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk [2010-07-28 10:45:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010-07-28 10:45:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\QuickTime.qtp [2010-07-13 21:54:47 | 000,134,144 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll [2010-07-13 21:54:44 | 000,207,360 | ---- | C] () -- C:\WINDOWS\SysWow64\evrprop.dll [2010-07-13 21:54:08 | 000,080,384 | ---- | C] () -- C:\WINDOWS\SysWow64\mkzlib.dll [2010-07-13 21:54:08 | 000,024,576 | ---- | C] () -- C:\WINDOWS\SysWow64\mkunicode.dll [2010-07-13 18:39:34 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-12 16:32:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll [2010-07-11 16:49:13 | 000,591,140 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- 
C:\WINDOWS\SysWow64\xlive.dll.cat [2007-02-18 14:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2007-02-18 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2007-02-18 14:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2007-02-18 14:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2007-02-18 14:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll [2007-02-18 14:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2007-02-18 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2007-02-18 14:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2007-02-18 14:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll [2007-02-18 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll [2007-02-18 14:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2007-02-18 14:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2007-02-18 14:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2007-02-18 14:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2007-02-18 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2007-02-18 14:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2007-02-18 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2007-02-18 14:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll [color=#E56717]========== LOP Check ==========[/color] [2010-09-18 12:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BESTplayer [2010-07-20 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command and Conquer 4 [2010-07-12 16:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu 10 [2010-07-23 12:48:53 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GanymedeNet [2010-07-13 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2010-08-15 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller [2010-09-03 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mumble [2010-08-28 00:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape [2010-08-23 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenFM [2010-09-19 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab [2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft [2010-07-11 20:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue [2010-09-08 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2010-07-30 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010-07-11 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010-07-12 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10 [2010-09-18 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM [2010-07-14 11:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2010-09-21 16:35:07 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job [2010-09-21 16:32:20 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] 
[color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-07-11 16:12:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-07-11 16:12:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-09-21 16:34:55 | 2144,337,919 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2007-02-18 14:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys < End of report > [/log]
Tomek01, comment 21 September 2010
Post a GMER log as well. Something looks odd to me here. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
Degh (author), comment 21 September 2010 (edited)
The DrWebCureIt scan found practically nothing, only some "small fry" like faketrojanalert; Malwarebytes found nothing. I'm adding the GMER log.
[log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-09-21 19:50:00 Windows 5.2.3790 Service Pack 2 Running: v8vzjuui.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x93 0xE4 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x20 0xD8 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x91 0x65 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x54 0x28 0x9D 0xAF ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x91 0x52 0xBC 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x91 0x52 0xBC 0x21 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x15 0x93 0xE4 0xCA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x20 0xD8 0xC8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x91 0x65 0x8E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x54 0x28 0x9D 0xAF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x91 0x52 0xBC 0x21 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x91 0x52 0xBC 0x21 ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Administrator\My Documents\Pobieranie\launch.exe.part 41438568 bytes executable ---- EOF - GMER 1.0.15 ---- [/log]
Tomek01, comment 22 September 2010
The GMER log was made in the wrong environment. Read this: http://www.searchengines.pl/index.php?act=announce&f=99&id=20 and make the log again. Tick Rootkit - show all.
Degh (author), comment 23 September 2010
I can't remove these SPTD keys from the registry; I tried RegAssassin, which couldn't manage it either. Daemon Tools is uninstalled, the SPTD driver as well. Here is the GMER log; the "show all" option in GMER is inactive (I can't tick it).
[log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-09-23 14:24:30 Windows 5.2.3790 Service Pack 2 Running: v8vzjuui.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2F 0x71 0x24 0x69 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2F 0x71 0x24 0x69 ... ---- EOF - GMER 1.0.15 ---- [/log]
Tomek01, comment 23 September 2010
Download and use: [b][url="http://dlz.download.chip.eu/exec/r2r.pl?m=dlz;u=http%3A%2F%2Fdl03.chip.eu%2Fdownload%2Fdac1ec6c24f4a379220a8c081a755f00%2F4c9b9cb8%2F15149%2FIceSword122en.zip;ct=1;thc=1;b=15149;c=159799;tit=Beitrag+15149+PL;url=http%3A%2F%2Fdownload.chip.eu%2Fpl%2Fdownload_getfile_pl_2498954.html;sep=%7C;tid=128;tp=9%7C47;tc=005007000;tn=Antiviren-Tools;tpn=download+eu%7CSicherheit+%26+Hilfe;content_type=egc;cs=1"]Ice Sword 1.20[/url][/b]
Degh (author), comment 23 September 2010
I don't know what's going on; I suspect the problem is the 64-bit system, but there is no separate version for 64-bit ;/
Tomek01, comment 25 September 2010
Post a [i]Silent Runners[/i] log and a [i]Reglooks[/i] log.
Degh (author), comment 25 September 2010
[log]"Silent Runners.vbs", revision 63, http://www.silentrunners.org/ Operating System: Windows Server 2003 SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools Lite" = ""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun" ["DT Soft Ltd"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "JMB36X IDE Setup" = "C:\WINDOWS\RaidTool\xInsIDE.exe" [null data] "36X Raid Configurer" = "C:\WINDOWS\SysWOW64\xRaidSetup.exe boot" ["JMicron Technology Corp."] "Adobe Reader Speed Launcher" = ""C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"] "SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."] "EVGAPrecision" = ""C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe" /s" [empty string] "NeroFilterCheck" = "C:\WINDOWS\SysWow64\NeroCheck.exe" ["Ahead Software Gmbh"] "TkBellExe" = ""C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "hticons.dll" [file not found] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "ESET Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "My Sharing Folders" \InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll" [MS] "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" = "ShellPlusContextMenu" -> {HKLM...CLSID} = "Burn4Freecontext menu" \InProcServer32\(Default) = "C:\WINDOWS\SysWow64\B4FM.dll" ["Ikysasoft s.r.l. 
uninominale"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files (x86)\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ <<!>> "System" = "lsass.exe" [file not found] HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\ <<!>> ("msapsspc.dll" [** WMI GetObject error **], "msnsspc.dll" [** WMI GetObject error **]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> EFS\DLLName = "sclgntfy.dll" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" -> {HKLM...CLSID} = "WebView MIME Filter" \InProcServer32\(Default) = "C:\WINDOWS\syswow64\SHELL32.dll" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> cdo\CLSID = "{CD00020A-8B95-11D1-82DB-00C04FB1625D}" -> {HKLM...CLSID} = "Microsoft PKM KnowledgePluggable Class" \InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL" [MS] <<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}" -> {HKLM...CLSID} = "DVD: Pluggable Protocol" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\msvidctl.dll" [MS] <<!>> gopher\CLSID = "{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" -> {HKLM...CLSID} = "gopher: Asychronous Pluggable Protocol Handler" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\urlmon.dll" [MS] <<!>> its\CLSID = "{9D148291-B9C8-11D0-A4CC-0000F80149F6}" -> {HKLM...CLSID} = "Microsoft InfoTech Protocols for IE 4.0" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\itss.dll" [MS] <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~2\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS] <<!>> mhtml\CLSID = "{05300401-BCBC-11d0-85E3-00C04FD85AB4}" -> 
{HKLM...CLSID} = "MHTML Asychronous Pluggable Protocol Handler" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\inetcomm.dll" [MS] <<!>> ms-its\CLSID = "{9D148291-B9C8-11D0-A4CC-0000F80149F6}" -> {HKLM...CLSID} = "Microsoft InfoTech Protocols for IE 4.0" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\itss.dll" [MS] <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~2\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS] <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}" -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler" \InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS] <<!>> sysimage\CLSID = "{76E67A63-06E9-11D2-A840-006008059382}" -> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\mshtml.dll" [MS] <<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" -> {HKLM...CLSID} = "TV: Pluggable Protocol" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\msvidctl.dll" [MS] <<!>> wia\CLSID = "{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" -> {HKLM...CLSID} = "WiaProtocol Class" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\wiascr.dll" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"] WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ ShellPlusContextMenu\(Default) = "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" -> {HKLM...CLSID} = "Burn4Freecontext menu" \InProcServer32\(Default) = 
"C:\WINDOWS\SysWow64\B4FM.dll" ["Ikysasoft s.r.l. uninominale"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll" ["ESET"] WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" [null data] Default executables: -------------------- HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile" <<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\SysWOW64\mshta.exe "%1" %*" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoActiveDesktop" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Tapeta pulpitu.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [file not found] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSCDBurningOnArrival\ "Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17170" "InvokeProgID" = "Folder" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS] MSOpenFolder\ "Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17155" "InvokeProgID" = "Folder" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS] MSPlayCDAudioOnArrival\ "Provider" = "ALLPlayer" "InvokeProgID" = "AllPlayerFile" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe" "%1"" [file not found] MSPlayMediaOnArrival\ "Provider" = "@wmploc.dll,-6502" "InvokeProgID" = "WMP.PlayMedia" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\WMP.PlayMedia\shell\play\DropTarget\CLSID = 
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" -> {HKLM...CLSID} = "WMP Play As Playlist Launcher" \InProcServer32\(Default) = "C:\WINDOWS\syswow64\wmpshell.dll" [MS] MSPrintPicturesOnArrival\ "Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17159" "InvokeProgID" = "Applications\shimgvw.dll" "InvokeVerb" = "print" HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\command\(Default) = "rundll32.exe C:\WINDOWS\SysWOW64\shimgvw.dll,ImageView_Fullscreen %1" [MS] HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\DropTarget\CLSID = "{60fd46de-f830-4894-a628-6fa81bc0190d}" -> {HKLM...CLSID} = "DropTarget Object for Photo Printing Wizard" \InProcServer32\(Default) = "C:\WINDOWS\SysWOW64\photowiz.dll" [MS] MSSHAudioDevHandler\ "Provider" = "@%SystemRoot%\syswow64\Audiodev.dll,-501" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{640167b4-59b0-47a6-b335-a6b3c0695aea}" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "C:\WINDOWS\system32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MSShowPicturesOnArrival\ "Provider" = "@%SystemRoot%\syswow64\SHELL32.dll,-17157" "InvokeProgID" = "Shell.AutoplayForSlideShow.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Shell.AutoplayForSlideShow.1\shell\open\DropTarget\CLSID = "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" -> {HKLM...CLSID} = "Shell Autoplay for Slideshow" \LocalServer32\(Default) = "rundll32.exe C:\WINDOWS\SysWOW64\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [MS] NeroAutoPlayEmptyCD\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay" "InvokeVerb" = "EmptyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files (x86)\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"] 
WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files (x86)\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "C:\WINDOWS\system32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe" "%1"" ["Nullsoft, Inc."] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe"" ["Nullsoft, Inc."] Enabled Scheduled Tasks: ------------------------ "RealUpgradeLogonTaskS-1-5-21-2561535148-1452933733-681565869-500" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."] "RealUpgradeScheduledTaskS-1-5-21-2561535148-1452933733-681565869-500" -> launches: "C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."] "RegistryBooster" -> launches: "C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe" ["Uniblue Systems Limited"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: %SystemRoot%\system32\mswsock.dll [MS], 1 - 5 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic Updates, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [file not found]} Background Intelligent Transfer Service, BITS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\qmgr.dll" [file not found]} DCOM Server Process Launcher, DcomLaunch, "C:\WINDOWS\system32\svchost.exe -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [file not found]} ESET Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"" ["ESET"] Event Log, Eventlog, "C:\WINDOWS\system32\services.exe" [file not found] HID Input Service, HidServ, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\hidserv.dll" [file not found]} IPSEC Services, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [file not found] Java Quick Starter, JavaQuickStarterService, ""C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Logical Disk Manager, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [file not found]} Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [file not found] Protected Storage, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [file not found] Remote Procedure Call (RPC), RpcSs, "C:\WINDOWS\system32\svchost.exe -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [file not found]} 
Security Accounts Manager, SamSs, "C:\WINDOWS\system32\lsass.exe" [file not found] Security Center, wscsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wscsvc.dll" [file not found]} Server, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [file not found]} System Restore Service, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [file not found]} Terminal Services, TermService, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\termsrv.dll" [file not found]} Windows Management Instrumentation, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [file not found]} Workstation, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [file not found]} Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (title not found) Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <<!>> "UpperFilters" = <<!>> "kbdclass" [file not found] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Local Port\Driver = "localspl.dll" [file not found] ---------- (launch time: 2010-09-25 21:54:43) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. 
---------- (total run time: 39 seconds, including 18 seconds for message boxes) [/log] 64 bit strikes again: