kijek28 posted 9 January 2011

Hello. Recently my antivirus has been detecting a trojan in the file [b]C:\WINDOWS\system32\WinDir\svchost.exe[/b]. I couldn't remove it with the antivirus, and I couldn't do it manually either, because when I open the [b]system32[/b] folder there is no folder named [b]WinDir[/b] there, so I no longer know what to do. That's why I'm pasting the logs; maybe someone here can help me. I've also had problems with ping/lag lately; I don't know whether that helps :P

[b]OTL[/b] [b]Extras.txt[/b] [log] OTL Extras logfile created on: 2011-01-09 18:09:24 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 16,60 Gb Total Space | 1,14 Gb Free Space | 6,86% Space Free | Partition Type: NTFS Drive D: | 57,92 Gb Total Space | 7,41 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Computer Name: KIJEWSKI | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "57339:TCP" = 57339:TCP:*:Enabled:Pando Media Booster "57339:UDP" = 57339:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "57318:TCP" = 57318:TCP:*:Enabled:Pando Media Booster "57318:UDP" = 57318:UDP:*:Enabled:Pando Media Booster "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "57339:TCP" = 57339:TCP:*:Enabled:Pando Media Booster "57339:UDP" = 57339:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found "C:\Program Files\Ronots Client\Tibia.exe" = C:\Program Files\Ronots Client\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Mozilla 
Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Tibia 8.42\Tibia.exe" = C:\Program Files\Tibia 8.42\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia 8.5\Tibia.exe" = C:\Program Files\Tibia 8.5\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia\Tibia.exe" = C:\Program Files\Tibia\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia 8.6\Tibia.exe" = C:\Program Files\Tibia 8.6\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Ronots 8.5\Tibia.exe" = C:\Program Files\Ronots 8.5\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "D:\Mateusz\BOTY DO TIBI\Valve\hl.exe" = D:\Mateusz\BOTY DO TIBI\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe" = D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered) "C:\Program Files\Tibia 8.54\Tibia.exe" = C:\Program Files\Tibia 8.54\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe" = C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe:*:Enabled:KoH -- File not found "D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe" = D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1 -- (http://tibia.org.pl) "C:\Python26\pythonw.exe" = C:\Python26\pythonw.exe:*:Enabled:pythonw -- File not found "C:\Program Files\Swordia Client\Tibia.exe" = C:\Program Files\Swordia Client\Tibia.exe:*:Enabled:Tibia Player -- File not found "D:\Mateusz\TibiCAM\Release\TibiCAM.exe" = D:\Mateusz\TibiCAM\Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe" = D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program 
Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found "D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe" = D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1 -- (http://tibia.org.pl) "C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe" = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe:*:Enabled:LoozikOTS -- File not found "C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe" = C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:removeit -- (InCode Solutions) "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" = C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator -- File not found "D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe" = D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\Program Files\Valve\cstrike.exe" = C:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered) "C:\Program Files\Tibia 8.55\Tibia.exe" = C:\Program Files\Tibia 8.55\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.) 
"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\YurOTS_094f\ots\YurOTS.exe" = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\YurOTS_094f\ots\YurOTS.exe:*:Enabled:YurOTS -- File not found "C:\Program Files\Ronots 8.40\Tibia.exe" = C:\Program Files\Ronots 8.40\Tibia.exe:*:Enabled:Tibia Player -- File not found "C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe" = C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2 -- File not found "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\TibiCam730-760\TibiCam\TibiCAM.exe" = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\TibiCam730-760\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM -- File not found "D:\Mateusz\TibiCAM\Release\TibiCam\TibiCam\TibiCAM.exe" = D:\Mateusz\TibiCAM\Release\TibiCam\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found "C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- File not found "C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- File not found "D:\Mateusz\TibiCAM\jhkhj\TibiCAM.exe" = D:\Mateusz\TibiCAM\jhkhj\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\remove\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe" = C:\Program Files\remove\InCode Solutions\RemoveIT Pro v4 - 
SE\removeit.exe:*:Enabled:RemoveIT Pro Free Edition -- (InCode Solutions) "C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\blackdproxy17900update\Tibia.exe" = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\blackdproxy17900update\Tibia.exe:*:Enabled:Tibia -- File not found "C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe" = C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe:*:Enabled:S2DNG -- File not found "D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM_8.0\TibiCAM\TibiCAM.exe" = D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM_8.0\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM -- () "D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM\TibiCAM.exe" = D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\launcher\update\ESTdnheadless.exe" = C:\Program Files\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- File not found "D:\BOŚ\game.dat" = D:\BOŚ\game.dat:*:Enabled:Bitwa o Śródziemie™ II -- File not found "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}" = Nokia Multimedia Player "{11F6F2C9-4215-4CDF-8763-4BBDDDEAD601}" = Remere's Map Editor 
"{1372DEF8-8089-4F3E-A36D-732C7CD40133}_is1" = RonOTS Client wersja 8.5.7 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35A3A4F4-B792-11D6-A78A-00B0D0142120}" = Java 2 SDK, SE v1.4.2_12 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin "{3FF7A41D-BDB7-4EF1-BA4D-19123FD653D3}_is1" = Aphelion Online "{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{5D309203-37B7-498A-B2CA-838E9FFD562B}" = Ventrilo Mix "{7148F0A8-6813-11D6-A77B-00B0D0142120}" = Java 2 Runtime Environment, SE v1.4.2_12 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{79881E78-4F13-4E2E-8E66-DFB6DB5EA1BC}" = DatEditor "{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8395AA4E-123C-46EC-B5EA-42C5D9952C75}" = TibiaTek Bot "{8B5E035D-8E6C-4AB6-B19F-44DABA38EB3B}_is1" = Kingdom Age 1.1 "{8E479C1A-5690-491B-A970-6F1191491D11}" = Tibiacast "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{CEAF3507-FCB3-11D2-850C-00C0F01410B1}" = Majesty "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "2.2" = 2.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AhnLab Online Security" = AhnLab Online Security "ALLPlayer V2.2" = ALLPlayer V2.2 "ALLPlayer_is1" = ALLPlayer V4.X "Audacity_is1" = Audacity 1.2.6 "AutoItv3" = AutoIt v3.3.6.1 "AutoTunnel GG" = AutoTunnel GG "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Dark Ages" = Dark Ages "ElfBot NG_is1" = ElfBot NG 4.5.9 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.6.9 "Gadu-Gadu 10" = Gadu-Gadu 10 "GameBoost_is1" = GameBoost "GamersFirst LIVE!" = GamersFirst LIVE! 
"GameSpy Arcade" = GameSpy Arcade "Hamachi" = Hamachi 0.9.9.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM) "HyperCam 2" = HyperCam 2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}" = Nokia Multimedia Player "Kaspersky Online Scanner" = Kaspersky Online Scanner "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0 "Lexmark X1100 Series" = Lexmark X1100 Series "Magebot" = Magebot "MapleStory" = MapleStory "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter "Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7) "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OpenTTD" = OpenTTD 1.0.3 "Patch Maker" = Patch Maker "PunkBusterSvc" = PunkBuster Services "RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE "SuperMemo UX - Mobilne rozmówki angielskie " = SuperMemo UX - Mobilne rozmówki angielskie "Tasker_is1" = Tasker version 3.13 "Tibia_is1" = Tibia "TibiaCam TV Lite_is1" = TibiaCam TV Lite 3.2 "TibiaMovie" = TibiaMovie "TrojanHunter_is1" = TrojanHunter 5.3 "Universal Extractor_is1" = Universal Extractor 1.6.1 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows 
Media Format 11 runtime "WinHex" = WinHex "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "Worms World Party" = Worms World Party "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "SEYKEN MMORPG - Console Classics Fangame" = SEYKEN MMORPG - Console Classics Fangame [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-06 13:19:32 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10418792. Error - 2011-01-06 13:26:18 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10488792. Error - 2011-01-06 13:26:18 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10418792. Error - 2011-01-06 14:21:29 | Computer Name = KIJEWSKI | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca MapleStory.exe, wersja 1.0.0.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-01-06 14:24:28 | Computer Name = KIJEWSKI | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca MapleStory.exe, wersja 1.0.0.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
Error - 2011-01-06 20:40:35 | Computer Name = KIJEWSKI | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Patcher.exe, wersja 1.0.0.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-01-07 19:10:30 | Computer Name = KIJEWSKI | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Ventrilo 2.1.4.exe, wersja 2.1.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-01-07 19:11:27 | Computer Name = KIJEWSKI | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Ventrilo 2.1.4.exe, wersja 2.1.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-01-09 09:56:48 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10488792. Error - 2011-01-09 09:56:48 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10418792. 
[ System Events ] Error - 2011-01-06 13:26:16 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-06 13:30:22 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-06 14:14:08 | Computer Name = KIJEWSKI | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi wuauserv z argumentami „” w celu uruchomienia serwera: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2011-01-09 09:57:22 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-09 10:02:35 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7034 Description = Usługa NMSAccess niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 2011-01-09 10:06:03 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-09 10:15:10 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-09 10:42:39 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-09 10:52:34 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 Error - 2011-01-09 11:08:19 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Avira Upgrade Service z powodu następującego błędu: %%3 < End of report > [/log] [b]OTL.txt[/b] [log] OTL logfile created on: 2011-01-09 18:09:24 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 16,60 Gb Total Space | 1,14 Gb Free Space | 6,86% Space Free | Partition Type: NTFS Drive D: | 57,92 Gb Total Space | 7,41 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Computer Name: KIJEWSKI | User Name: Mateusz | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe PRC - [2011-01-03 18:27:39 | 003,046,808 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2010-12-09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2010-11-11 21:53:02 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2010-10-23 05:47:12 | 001,070,360 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\THGuard.exe PRC - [2010-10-23 05:47:10 | 004,454,168 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe PRC - [2010-10-18 12:46:35 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010-10-08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe PRC - [2010-09-20 22:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010-04-04 07:59:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-03-11 23:14:00 | 011,792,992 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-12-02 21:49:59 | 000,135,664 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2009-10-30 23:11:47 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2009-10-08 12:39:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-10-08 12:39:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-08-22 11:25:22 | 001,655,808 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe PRC - [2009-08-14 07:08:20 | 018,702,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-02-28 08:00:16 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2008-02-28 08:00:14 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2008-02-28 08:00:04 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2006-11-13 14:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 14:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 13:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 13:00:00 | 
000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 13:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2004-08-04 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2003-08-19 16:09:30 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe PRC - [2003-08-19 16:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe PRC - [2003-08-18 15:37:10 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE PRC - [2003-08-18 15:32:56 | 000,174,592 | ---- | M] (Lexmark International, Inc.) 
-- C:\WINDOWS\system32\LEXPPS.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe MOD - [2006-09-23 12:13:02 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 13:00:00 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 13:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 13:00:00 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 13:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 13:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 13:00:00 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2004-08-04 13:00:00 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 13:00:00 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 13:00:00 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 13:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 13:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 13:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - 
[2004-08-04 13:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 13:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 13:00:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-04 13:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 13:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2004-08-04 13:00:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-04 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 13:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-04 13:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2004-08-04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004-08-04 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 13:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto 
| Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe -- (Zwunzi Service) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\avupgsvc.exe -- (AntiVirUpgradeService) SRV - [2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\drivers\PCTCore.sys -- (PCTCore) DRV - File not found [Kernel | 
On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Mateusz\Pulpit\imax\imax\max20081102.sys -- (maxD20081102) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - [2010-08-27 12:10:25 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010-04-01 22:37:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-07 21:18:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-08-18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-10-17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt) DRV - [2008-10-17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr) DRV - [2008-08-28 08:40:40 | 000,111,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-06-18 06:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx) DRV - [2008-03-22 21:41:56 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\Interceptor.sys -- (NetHook_Interceptor) DRV - [2008-02-15 06:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008-02-10 22:05:02 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\ControlCenter.sys -- (NetHook_ControlCenter) DRV - [2007-05-11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007-05-09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007-03-05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007-03-05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007-03-05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007-03-05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum) DRV - [2007-03-05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007-03-05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003-09-06 14:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2003-09-06 13:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 13:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-09-06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://www.google.pl/ IE - HKU\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}:1.0 FF - prefs.js..network.proxy.backup.ftp: "217.98.20.20" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "217.98.20.20" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "217.98.20.20" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "217.98.20.20" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "217.98.20.195" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "217.98.20.195" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "217.98.20.195" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "217.98.20.195" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "217.98.20.195" FF - prefs.js..network.proxy.ssl_port: 8080 FF - 
HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-06 11:10:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-12 17:03:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-03 18:27:51 | 000,000,000 | ---D | M] [2009-10-07 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Extensions [2010-11-11 21:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions [2010-11-11 15:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010-11-11 21:09:58 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\battlefieldheroespatcher@ea.com [2010-10-22 16:34:49 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com [2009-10-17 13:10:48 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\firebug@software.joehewitt.com [2010-11-28 14:16:49 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\searchplugins\daemon-search.xml [2010-10-23 09:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-01-09 15:16:23 | 000,000,000 | ---D | M] (Zwunzi) -- C:\Program Files\Mozilla 
Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} [2010-03-06 11:10:25 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX [2009-10-08 12:39:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2006-06-03 17:43:22 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2008-04-03 18:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2007-03-31 18:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2006-06-03 17:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2008-03-28 22:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2007-01-05 12:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\..\Toolbar\WebBrowser: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [eko] c:\sinf.com File not found O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb) O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) 
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [OJEA Agent] C:\WINDOWS\System32\28463\OJEA.exe File not found O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security) O4 - HKLM..\Run: [Tibia Luz 77.2] C:\WINDOWS\System32\berseksvr.exe File not found O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe File not found O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb) O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_12) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.251.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system\svchost.exe) - C:\WINDOWS\system\svchost.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-07 23:01:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-09-25 13:02:55 | 000,148,118 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - 
MountPoints2\{aaa8aa21-b3ff-11de-87a5-001a4d33f8c1}\Shell - "" = AutoRun O33 - MountPoints2\{aaa8aa21-b3ff-11de-87a5-001a4d33f8c1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\MIKSOFT [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\MIKSOFT [2012-06-05 18:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibia 8.57 [2012-06-05 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia 8.57 [2012-06-03 12:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\IVT BlueSoleil [2012-06-03 12:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation [2012-05-30 11:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Bluetooth [2012-05-30 11:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2012-05-28 17:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.55 [2012-05-26 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.57 [2012-05-26 20:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.57 [2012-05-18 15:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Menu Start\Programy\Dark Ages [2012-05-08 20:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Firefly Studios [2012-05-03 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012-05-02 20:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje 
dokumenty\Stronghold Crusader [2012-04-20 12:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Gadu-Gadu [2012-04-20 12:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2012-04-16 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.55 [2011-01-09 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TrojanHunter [2011-01-09 16:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TrojanHunter [2011-01-09 16:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3 [2011-01-09 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan [2011-01-09 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2011-01-09 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011-01-06 19:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011-01-06 19:04:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-01-06 00:20:41 | 000,000,000 | ---D | C] -- C:\Nexon [2011-01-04 07:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Menu Start\Programy\AutoTunnel GG [2011-01-04 07:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ArtOfPing [2011-01-04 07:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\AutoTunnel GG [2011-01-04 07:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2011-01-03 19:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\chatting log [2011-01-03 16:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\a2bbabfe7b1dd886a0c32b57bd8a94f9 [2011-01-02 02:03:45 | 004,295,152 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\System32\GameMon.des [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\launcher [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Data [2011-01-02 01:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\_sv_CMD_ [2011-01-01 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 7.6 [2011-01-01 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 7.6 [2011-01-01 22:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lavalys [2011-01-01 22:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\id Software [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-12-30 02:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Mozilla [2010-12-29 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2010-12-28 14:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\SuperMemo World [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\SuperMemo UX [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SuperMemo UX [2010-12-28 12:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\GamersFirst LIVE! 
[2010-12-28 12:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-12-27 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-12-23 22:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kolekcja Klasyki [2010-12-23 21:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\My Games [2010-12-23 21:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft Games [2010-12-23 21:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2010-12-23 21:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Menu Start\Programy\GameSpy Arcade [2010-12-22 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\TibiaBot NG [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EasyCleaner [2010-12-18 13:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Expert [2010-12-18 12:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 8.0 [2010-12-18 12:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 8.0 [2010-12-18 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaTek Bot DevTeam [2010-12-18 12:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaTek Bot [2010-12-18 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2010-12-15 20:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\Tibianic Tools [2010-12-06 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kopia ElfBot NG 8.5 [2010-12-05 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ WTL71 [2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Program 
Files\TibiaBot NG
[2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG
[2010-12-04 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinHex
[2010-11-29 14:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blackd Tools
[2010-11-28 14:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite
[2010-11-28 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-11-28 14:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-11-28 14:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Canneverbe Limited
[2010-11-28 14:12:46 | 000,000,000 | RH-D | C] -- C:\AHCache
[2010-11-28 14:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenCandy
[2010-11-28 14:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010-11-28 14:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\Settlers 2
[2010-11-19 15:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\taty fon
[2010-11-19 14:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\remove
[2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Demonic Applications
[2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DatEditor
[2010-11-11 15:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GameBoost
[2010-11-11 15:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameBoost
[2010-11-11 15:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Moje dokumenty\Vuze Downloads
[2010-11-11 15:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Azureus
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
[2012-06-13 16:12:52 | 001,464,364 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Mleko w kartoniku.wav
[2012-06-08 18:19:24 | 000,291,289 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Popej.JPG
[2012-06-08 18:04:33 | 000,142,630 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\loot z asów.JPG
[2012-06-03 12:54:03 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
[2012-06-03 12:54:02 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BlueSoleil.lnk
[2012-06-03 12:49:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0
[2012-05-16 18:28:50 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Skrót do TibiaMovie.lnk
[2012-05-01 21:18:39 | 000,000,020 | ---- | M] () -- C:\WINDOWS\naglos.INI
[2012-04-29 22:01:49 | 000,039,534 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\254.jpg
[2012-04-24 13:27:09 | 000,111,587 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\ceny smsow.JPG
[2011-01-09 18:03:26 | 000,005,109 | -H-- | M] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mateuszlog.dat
[2011-01-09 16:41:48 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2011-01-09 16:41:48 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\TrojanHunter.lnk
[2011-01-09 16:06:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-09 14:55:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-07 21:01:24 | 000,017,658 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\are u.JPG
[2011-01-07 21:00:57 | 000,018,557 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\face_1291475359_by_langertuo.png
[2011-01-06 19:11:51 | 000,555,724 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-01-06 19:11:51 | 000,493,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-01-06 19:11:51 | 000,104,658 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-01-06 19:11:51 | 000,083,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-01-06 03:38:42 | 000,128,830 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\MAPLPEEEEEEEEEEEEEEEEE.JPG
[2011-01-06 00:28:01 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\MapleStory.url
[2011-01-04 16:41:44 | 000,057,682 | ---- | M] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mateusz3SQLite3.dll
[2011-01-04 07:45:07 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\AutoTunnel GG.lnk
[2011-01-03 17:57:59 | 000,212,759 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\zooba.JPG
[2011-01-03 12:33:47 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-01 22:17:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\EVEREST Home Edition.lnk
[2010-12-30 02:38:22 | 000,016,323 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\HHHHHHETERRRRRRRR.JPG
[2010-12-30 02:31:00 | 001,840,128 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\QuakeLiveNP_401.msi
[2010-12-29 22:07:18 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-29 20:37:09 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\GameSpy Arcade.lnk
[2010-12-29 19:05:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-12-28 20:16:49 | 000,023,535 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\LEGITKA.JPG
[2010-12-28 20:13:04 | 000,007,872 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\lllllllllllllleeeeeeeeeeeeeeeeeeeeee.jpg
[2010-12-28 18:16:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\TibiaMovie.lnk
[2010-12-28 14:01:11 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SuperMemo UX.lnk
[2010-12-28 02:16:11 | 000,070,755 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\na demotaaaaaa.jpg
[2010-12-27 23:26:31 | 000,178,138 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\lol lol.jpg
[2010-12-25 03:00:14 | 000,026,615 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\pedofil.JPG
[2010-12-25 00:23:48 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\tcfg.ini
[2010-12-22 12:43:45 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Skrót do loader.lnk
[2010-12-20 22:00:49 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\sciaga hista.doc
[2010-12-20 18:57:01 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\fizaaaaaaaaa.doc
[2010-12-19 17:50:55 | 000,197,964 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\ZADANIA FIZYKA.jpeg
[2010-12-18 20:56:33 | 000,181,498 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\PACZAJ NA TO.JPG
[2010-12-18 13:27:42 | 000,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
[2010-12-18 13:27:42 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
[2010-12-18 12:45:23 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TibiaTek Bot.lnk
[2010-12-17 22:42:00 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\zagadka rozwiązana.JPG
[2010-12-17 16:32:59 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2010-12-15 21:30:48 | 000,082,330 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\czekolada.JPG
[2010-12-15 20:46:05 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\settings.ini
[2010-12-15 20:45:45 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\nmnbm.hudcfg
[2010-12-15 20:12:21 | 002,764,844 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\ZOŁNIERZU.wav
[2010-12-15 13:10:09 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Google Chrome.lnk
[2010-12-13 23:30:49 | 000,152,035 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\KIJEK_przelew.pdf
[2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010-12-04 13:05:55 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Tibia.lnk
[2010-12-01 20:31:55 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\2.2.lnk
[2010-11-30 22:11:58 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\niemiecki.doc
[2010-11-28 16:13:04 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\PROJEKT.doc
[2010-11-28 14:16:47 | 000,001,613 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite.lnk
[2010-11-28 14:12:25 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-11-24 17:59:04 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-11-24 17:58:42 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-11-23 20:06:38 | 000,049,282 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\master.JPG
[2010-11-19 14:53:44 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\RemoveIT Pro v4 - SE.lnk
[2010-11-17 13:37:14 | 000,050,798 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\DSC00449 (1).jpg
[2010-11-17 13:36:20 | 000,120,816 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\DSC01150.JPG
[2010-11-15 13:57:41 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\ikonka mokate.JPG
[2010-11-15 13:55:14 | 000,023,467 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\LOGO MOKATE XD.JPG
[2010-11-15 13:49:39 | 000,003,169 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\1026-1019-large (1).jpg
[2010-11-12 22:55:57 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DatEditor.exe.lnk
[2010-11-11 21:53:42 | 000,138,056 | ---- | M] () -- C:\Documents and
Settings\Mateusz\Dane aplikacji\PnkBstrK.sys
[2010-11-11 16:03:34 | 000,000,060 | ---- | M] () -- C:\WINDOWS\window-title-changer.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-06-13 16:12:36 | 001,464,364 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Mleko w kartoniku.wav
[2012-06-08 18:19:24 | 000,291,289 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Popej.JPG
[2012-06-08 18:04:33 | 000,142,630 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\loot z asów.JPG
[2012-06-05 18:12:55 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2012-06-03 12:54:02 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BlueSoleil.lnk
[2012-06-03 12:49:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0
[2012-06-03 12:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0
[2012-05-28 17:49:41 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ElfBot NG.lnk
[2012-05-16 18:28:54 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Skrót do TibiaMovie.lnk
[2012-05-01 21:18:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2012-04-29 22:01:49 | 000,039,534 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\254.jpg
[2012-04-24 13:27:09 | 000,111,587 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ceny smsow.JPG
[2012-04-16 21:49:20 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\RonOTS Client.lnk
[2011-01-09 16:41:48 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\TrojanHunter.lnk
[2011-01-09 16:41:40 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011-01-07 21:01:24 | 000,017,658 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\are u.JPG
[2011-01-07 21:01:07 | 000,018,557 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\face_1291475359_by_langertuo.png
[2011-01-06 03:38:42 | 000,128,830 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\MAPLPEEEEEEEEEEEEEEEEE.JPG
[2011-01-06 00:28:01 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\MapleStory.url
[2011-01-04 16:41:44 | 000,057,682 | ---- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mateusz3SQLite3.dll
[2011-01-04 07:45:07 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\AutoTunnel GG.lnk
[2011-01-03 17:57:59 | 000,212,759 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\zooba.JPG
[2011-01-01 22:17:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\EVEREST Home Edition.lnk
[2010-12-30 02:38:22 | 000,016,323 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\HHHHHHETERRRRRRRR.JPG
[2010-12-30 02:30:56 | 001,840,128 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\QuakeLiveNP_401.msi
[2010-12-29 20:37:09 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\GameSpy Arcade.lnk
[2010-12-29 19:05:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-28 20:16:49 | 000,023,535 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\LEGITKA.JPG
[2010-12-28 20:13:12 | 000,007,872 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\lllllllllllllleeeeeeeeeeeeeeeeeeeeee.jpg
[2010-12-28 18:16:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\TibiaMovie.lnk
[2010-12-28 14:01:11 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SuperMemo UX.lnk
[2010-12-28 02:16:18 | 000,070,755 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\na demotaaaaaa.jpg
[2010-12-27 23:26:31 | 000,178,138 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\lol lol.jpg
[2010-12-25 03:00:14 | 000,026,615 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\pedofil.JPG
[2010-12-22 12:43:45 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Skrót do loader.lnk
[2010-12-20 22:00:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\sciaga hista.doc
[2010-12-20 18:57:01 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\fizaaaaaaaaa.doc
[2010-12-19 17:51:06 | 000,197,964 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ZADANIA FIZYKA.jpeg
[2010-12-18 20:56:33 | 000,181,498 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\PACZAJ NA TO.JPG
[2010-12-18 13:27:42 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2010-12-18 13:27:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
[2010-12-18 12:45:23 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TibiaTek Bot.lnk
[2010-12-17 22:42:00 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\zagadka rozwiązana.JPG
[2010-12-15 21:30:48 | 000,082,330 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\czekolada.JPG
[2010-12-15 20:46:05 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\settings.ini
[2010-12-15 20:43:26 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\nmnbm.hudcfg
[2010-12-15 20:12:21 | 002,764,844 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ZOŁNIERZU.wav
[2010-12-14 20:15:07 | 000,066,851 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ClassicBotter (1).rar
[2010-12-13 23:30:49 | 000,152,035 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\KIJEK_przelew.pdf
[2010-12-01 20:31:55 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\2.2.lnk
[2010-11-30 22:11:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\niemiecki.doc
[2010-11-28 16:13:04 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\PROJEKT.doc
[2010-11-28 14:12:25 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-11-28 14:12:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-11-23 20:06:38 | 000,049,282 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\master.JPG
[2010-11-17 18:31:38 | 000,120,816 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\DSC01150.JPG
[2010-11-17 18:31:38 | 000,050,798 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\DSC00449 (1).jpg
[2010-11-15 13:57:11 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\ikonka mokate.JPG
[2010-11-15 13:55:14 | 000,023,467 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\LOGO MOKATE XD.JPG
[2010-11-12 22:55:57 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DatEditor.exe.lnk
[2010-11-12 16:29:18 | 000,003,169 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\1026-1019-large (1).jpg
[2010-11-06 16:51:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\window-title-changer.INI
[2010-10-22 16:34:43 | 000,001,613 | ---- | C] () -- C:\Program Files\DAEMON Tools Lite
[2010-09-11 22:24:26 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\$_hpcst$.hpc
[2010-07-22 10:56:55 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\userInit.dll
[2010-04-12 18:10:46 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2010-04-01 22:37:38 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-02 22:29:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-03-02 22:29:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010-03-02 22:29:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-08 16:35:02 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\PnkBstrK.sys
[2009-12-13 16:15:03 | 000,000,151 | ---- | C] ()
-- C:\WINDOWS\PhotoSnapViewer.INI
[2009-12-12 14:30:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Wwp.INI
[2009-12-10 08:57:07 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009-12-07 16:15:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-11-28 12:10:03 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini
[2009-11-22 14:28:06 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\packet.dll
[2009-11-20 13:34:39 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-11-17 21:07:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-24 19:49:39 | 000,071,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-20 19:22:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-10-18 12:36:58 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-08 09:24:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009-10-08 09:24:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009-10-08 09:24:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009-10-08 09:24:11 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009-10-08 00:53:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-10-07 23:23:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1504.dll
[2005-05-07 19:31:38 | 000,005,109 | -H-- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mateuszlog.dat
[2004-08-04 13:00:00 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\cfnmbrbve0kukxua.dll

[color=#E56717]========== LOP Check ==========[/color]
[2012-06-03 12:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2010-11-28 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-04-01 22:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-03-25 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-03-29 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies
[2010-12-30 02:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2011-01-04 07:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
[2010-10-13 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-01-03 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-01-09 16:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan
[2009-10-24 22:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2011-01-09 16:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-10-24 20:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Toolbar4
[2011-01-09 16:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrojanHunter
[2011-01-04 16:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ArtOfPing
[2010-11-11 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Azureus
[2010-01-07 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Black Sea Studios
[2010-11-28 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Canneverbe Limited
[2010-04-01 22:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DAEMON Tools Lite
[2009-11-17 14:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DBKO
[2010-12-08 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DBV
[2009-11-21 16:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Ek
[2011-01-07 21:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\foobar2000
[2009-12-09 23:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Free Sound Recorder
[2010-08-22 13:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10
[2009-10-20 18:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\id Software
[2010-07-20 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\KingAge
[2010-08-27 17:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\LoDB
[2010-08-07 22:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\maxup
[2009-11-27 20:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mumble
[2010-10-27 17:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nokia Multimedia Player
[2009-10-08 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nowe Gadu-Gadu
[2010-11-28 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenCandy
[2010-02-28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenFM
[2009-10-24 22:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Publish Providers
[2009-11-25 14:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Remere's Map Editor
[2009-10-26 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony
[2009-10-24 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony Setup
[2010-12-28 14:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\SuperMemo World
[2010-12-24 23:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibia
[2010-04-06 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibiacast
[2009-12-02 20:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\WoDBO

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 253 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8

< End of report >
[/log]

RSIT [b]info.txt[/b]
[log]info.txt logfile of random's system information tool 1.08 2011-01-09 18:18:55

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2.2-->C:\Program Files\Zagan Square 2.2\Uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
AhnLab Online Security-->C:\Program Files\AhnLab\ASP\Common\aosremove.exe
Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
ALLPlayer V2.2-->C:\Program Files\MarBit\ALLPlayer\UnGins.exe "C:\Program
Files\MarBit\ALLPlayer\install.log"
ALLPlayer V4.X-->"C:\Program Files\ALLPlayer\unins000.exe"
Aphelion Online-->"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\AphelionOnline\unins000.exe"
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoIt v3.3.6.1-->C:\Program Files\AutoIt3\Uninstall.exe
AutoTunnel GG-->"C:\Program Files\AutoTunnel GG\uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dark Ages-->C:\PROGRA~1\KRU\DARKAG~1\UNWISE.EXE C:\PROGRA~1\KRU\DARKAG~1\INSTALL.LOG
DatEditor-->MsiExec.exe /I{79881E78-4F13-4E2E-8E66-DFB6DB5EA1BC}
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ElfBot NG 4.5.9-->"C:\Program Files\ElfBot NG 8.6\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
foobar2000 v0.9.6.9-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
GameBoost-->"C:\Program Files\GameBoost\unins000.exe"
GamersFirst LIVE!-->"C:\Program Files\GamersFirst\LIVE!\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hamachi 0.9.9.9-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic® III The Shadow of Death(TM)-->C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java 2 Runtime Environment, SE v1.4.2_12-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
Java 2 SDK, SE v1.4.2_12-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142120}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kingdom Age 1.1-->"C:\Program Files\Kingdom Age\unins000.exe"
K-Lite Mega Codec Pack 5.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Magebot-->"C:\Program Files\Magebot\uninstall.exe"
Majesty-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEAF3507-FCB3-11D2-850C-00C0F01410B1}\setup.exe" -uninst
MapleStory-->"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33563155 -locale:US
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK-->MsiExec.exe /I{036FD544-AED6-3F33-856D-A2292D0CF471}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK-->MsiExec.exe /I{7C77393F-8237-3825-A88A-AFAF3C69C072}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - plk-->MsiExec.exe /I{F31E509D-3597-324E-83CF-0C160B2320F0}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe /X{5C19E2DC-4CCF-3114-B40A-6E565987025F}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020415-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MIKSOFT Mobile AMR converter-->"C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nexon Game Manager-->"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Nokia Multimedia Player-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}
OpenTTD 1.0.3-->C:\Program Files\OpenTTD\uninstall.exe
Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - plk\setup.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Patch Maker-->C:\Program Files\Patch Maker\Uninstal.exe
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ExtendedLP
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe -runfromtemp -l0x0015 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly Remere's Map Editor-->MsiExec.exe /I{11F6F2C9-4215-4CDF-8763-4BBDDDEAD601} RemoveIT Pro v4 - SE-->C:\PROGRA~1\remove\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\remove\INCODE~1\REMOVE~1\INSTALL.LOG RonOTS Client wersja 8.5.7-->"C:\Program Files\RonOTS Client\unins001.exe" SuperMemo UX - Mobilne rozmówki angielskie-->C:\Program Files\SuperMemo UX\rozm_ang_uninst.exe Tasker version 3.13-->"C:\Program Files\Tasker\unins000.exe" Tibia-->"C:\Program Files\Tibia 8.0\unins000.exe" TibiaCam TV Lite 3.2-->"C:\Program Files\TibiaCam TV Lite\unins000.exe" Tibiacast-->MsiExec.exe /I{8E479C1A-5690-491B-A970-6F1191491D11} TibiaMovie-->"C:\Program Files\TibiaMovie\uninstall.exe" TibiaTek Bot-->MsiExec.exe /I{8395AA4E-123C-46EC-B5EA-42C5D9952C75} TrojanHunter 5.3-->"C:\Program Files\TrojanHunter 5.3\unins000.exe" Universal Extractor 1.6.1-->"C:\Program Files\Universal Extractor\unins000.exe" Ventrilo Mix-->MsiExec.exe /X{5D309203-37B7-498A-B2CA-838E9FFD562B} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} WinHex-->C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\winhex (2)\WinHex.exe uninst Worms World Party-->C:\WINDOWS\IsUn0415.exe -f"C:\Team17\Worms World Party\Uninst.isu" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======System event log====== Computer Name: KIJEWSKI Event Code: 7036 Message: Usługa 
Telefonia weszła w stan uruchomienia. Record Number: 26562 Source Name: Service Control Manager Time Written: 20101208211631.000000+060 Event Type: informacje User: Computer Name: KIJEWSKI Event Code: 7036 Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia. Record Number: 26561 Source Name: Service Control Manager Time Written: 20101208211631.000000+060 Event Type: informacje User: Computer Name: KIJEWSKI Event Code: 7035 Message: Do usługi Rozpoznawanie lokalizacji w sieci (NLA) został pomyślnie wysłany kod sterowania uruchom. Record Number: 26560 Source Name: Service Control Manager Time Written: 20101208211631.000000+060 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: KIJEWSKI Event Code: 7036 Message: Usługa Rozpoznawanie lokalizacji w sieci (NLA) weszła w stan uruchomienia. Record Number: 26559 Source Name: Service Control Manager Time Written: 20101208211631.000000+060 Event Type: informacje User: Computer Name: KIJEWSKI Event Code: 7035 Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom. Record Number: 26558 Source Name: Service Control Manager Time Written: 20101208211631.000000+060 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM =====Application event log===== Computer Name: KIJEWSKI Event Code: 1517 Message: System Windows zapisał rejestr użytkownika KIJEWSKI\Mateusz, kiedy aplikacja lub usługa nadal użytkowała rejestr podczas wylogowania. Pamięć używana przez rejestr użytkownika nie została zwolniona. Rejestr zostanie zwolniony, kiedy nie będzie używany. Najczęstszą tego przyczyną są usługi uruchamiane z konta użytkownika. Próbuj skonfigurować te usługi, aby były uruchamiane z konta LocalService lub NetworkService. 
Record Number: 5
Source Name: Userenv
Time Written: 20101207232522.000000+060
Event Type: ostrzeżenie
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 4113
Message: AntiVir has detected 'TR/Dropper.Gen' in the file C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\blackdproxy17900update\BlackdProxy.exe
Record Number: 4
Source Name: Avira AntiVir
Time Written: 20101207163424.000000+060
Event Type: ostrzeżenie
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 4096
Message: The AntiVir service has been started successfully!
Record Number: 3
Source Name: Avira AntiVir
Time Written: 20101207163149.000000+060
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20101207163124.000000+060
Event Type: informacje
User:

Computer Name: KIJEWSKI
Event Code: 0
Message:
Record Number: 1
Source Name: gupdate
Time Written: 20101207163048.000000+060
Event Type: informacje
User:

=====Security event log=====

Computer Name: KIJEWSKI
Event Code: 514
Message: Pakiet uwierzytelnień został załadowany przez lokalny urząd zabezpieczeń. Ten pakiet uwierzytelnień będzie używany do sprawdzania prób logowania. Nazwa pakietu uwierzytelnień: C:\WINDOWS\system32\schannel.dll : Microsoft Unified Security Protocol Provider
Record Number: 245
Source Name: Security
Time Written: 20110105144835.000000+060
Event Type: powodzenie inspekcji
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 514
Message: Pakiet uwierzytelnień został załadowany przez lokalny urząd zabezpieczeń. Ten pakiet uwierzytelnień będzie używany do sprawdzania prób logowania. Nazwa pakietu uwierzytelnień: C:\WINDOWS\system32\msv1_0.dll : NTLM
Record Number: 244
Source Name: Security
Time Written: 20110105144835.000000+060
Event Type: powodzenie inspekcji
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 514
Message: Pakiet uwierzytelnień został załadowany przez lokalny urząd zabezpieczeń. Ten pakiet uwierzytelnień będzie używany do sprawdzania prób logowania. Nazwa pakietu uwierzytelnień: C:\WINDOWS\system32\kerberos.dll : Kerberos
Record Number: 243
Source Name: Security
Time Written: 20110105144835.000000+060
Event Type: powodzenie inspekcji
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 514
Message: Pakiet uwierzytelnień został załadowany przez lokalny urząd zabezpieczeń. Ten pakiet uwierzytelnień będzie używany do sprawdzania prób logowania. Nazwa pakietu uwierzytelnień: C:\WINDOWS\system32\LSASRV.dll : Negotiate
Record Number: 242
Source Name: Security
Time Written: 20110105144835.000000+060
Event Type: powodzenie inspekcji
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KIJEWSKI
Event Code: 513
Message: Trwa zamykanie systemu Windows. W wyniku zamknięcia systemu wszystkie sesje logowania zostaną zakończone.
Record Number: 241
Source Name: Security
Time Written: 20110105004227.000000+060
Event Type: powodzenie inspekcji
User: ZARZĄDZANIE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files;;C:\Program Files\Universal Extractor;C:\Program Files\Universal Extractor\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

[b]log.txt[/b]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Mateusz at 2011-01-09 18:18:40
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 1 GB (7%) free of 17 GB
Total RAM: 2039 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:50, on 2011-01-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\GamersFirst\LIVE!\Live.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.3\THGuard.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe
C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Mateusz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.14.223.198:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O3 - Toolbar: BigSeekPro Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OJEA Agent] C:\WINDOWS\system32\28463\OJEA.exe
O4 - HKLM\..\Run: [eko] c:\sinf.com
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Tibia Luz 77.2] C:\WINDOWS\system32\berseksvr.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\avupgsvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe (file missing)

--
End of file - 10277 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6eba2e91f029.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core1cb6d9b331480b2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
XBTBPos00 Class - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll [2009-09-01 2723328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - BigSeekPro Toolbar - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll [2009-09-01 2723328]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-08 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OJEA Agent"=C:\WINDOWS\system32\28463\OJEA.exe []
"eko"=c:\sinf.com []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Tibia Luz 77.2"=C:\WINDOWS\system32\berseksvr.exe []
"HKLM"=C:\WINDOWS\system32\WinDir\Svchost.exe [2005-12-10 857088]
"THGuard"=C:\Program Files\TrojanHunter 5.3\THGuard.exe [2010-10-23 1070360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe []
"Policies"=C:\WINDOWS\system32\WinDir\Svchost.exe [2005-12-10 857088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-10-30 133104]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe []
"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"HKCU"=C:\WINDOWS\system32\WinDir\Svchost.exe [2005-12-10 857088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe []
"Policies"=C:\WINDOWS\system32\WinDir\Svchost.exe [2005-12-10 857088]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit]
logonInit.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Ronots Client\Tibia.exe"="C:\Program Files\Ronots Client\Tibia.exe:*:Enabled:Tibia Player"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Tibia 8.42\Tibia.exe"="C:\Program Files\Tibia 8.42\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Tibia 8.5\Tibia.exe"="C:\Program Files\Tibia 8.5\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Tibia\Tibia.exe"="C:\Program Files\Tibia\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Tibia 8.6\Tibia.exe"="C:\Program Files\Tibia 8.6\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Ronots 8.5\Tibia.exe"="C:\Program Files\Ronots 8.5\Tibia.exe:*:Enabled:Tibia Player"
"D:\Mateusz\BOTY DO TIBI\Valve\hl.exe"="D:\Mateusz\BOTY DO TIBI\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe"="D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Tibia 8.54\Tibia.exe"="C:\Program Files\Tibia 8.54\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe"="C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe:*:Enabled:KoH"
"D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe"="D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1"
"C:\Python26\pythonw.exe"="C:\Python26\pythonw.exe:*:Enabled:pythonw"
"C:\Program Files\Swordia Client\Tibia.exe"="C:\Program Files\Swordia Client\Tibia.exe:*:Enabled:Tibia Player"
"D:\Mateusz\TibiCAM\Release\TibiCAM.exe"="D:\Mateusz\TibiCAM\Release\TibiCAM.exe:*:Enabled:TibiCAM"
"D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe"="D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe"="D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe"="D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1"
"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe"="C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe:*:Enabled:LoozikOTS"
"C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"="C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:removeit"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe"="D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\cstrike.exe"="C:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Tibia 8.55\Tibia.exe"="C:\Program Files\Tibia 8.55\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\YurOTS_094f\ots\YurOTS.exe"="C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\YurOTS_094f\ots\YurOTS.exe:*:Enabled:YurOTS"
"C:\Program Files\Ronots 8.40\Tibia.exe"="C:\Program Files\Ronots 8.40\Tibia.exe:*:Enabled:Tibia Player"
"C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe"="C:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\TibiCam730-760\TibiCam\TibiCAM.exe"="C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\TibiCam730-760\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM"
"D:\Mateusz\TibiCAM\Release\TibiCam\TibiCam\TibiCAM.exe"="D:\Mateusz\TibiCAM\Release\TibiCam\TibiCam\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"D:\Mateusz\TibiCAM\jhkhj\TibiCAM.exe"="D:\Mateusz\TibiCAM\jhkhj\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\Program Files\remove\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"="C:\Program Files\remove\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:RemoveIT Pro Free Edition"
"C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\blackdproxy17900update\Tibia.exe"="C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\blackdproxy17900update\Tibia.exe:*:Enabled:Tibia"
"C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe"="C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\bin\S2DNG.exe:*:Enabled:S2DNG"
"D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM_8.0\TibiCAM\TibiCAM.exe"="D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM_8.0\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
"D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM\TibiCAM.exe"="D:\Mateusz\TibiCAM\TibiCAM_8.0\TibiCAM\TibiCAM.exe:*:Enabled:TibiCAM"
"C:\Program Files\launcher\update\ESTdnheadless.exe"="C:\Program Files\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\BOŚ\game.dat"="D:\BOŚ\game.dat:*:Enabled:Bitwa o Śródziemie™ II"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2012-06-13 16:12:13 ----D---- C:\Program Files\MIKSOFT
2012-06-05 18:12:54 ----D---- C:\Program Files\Tibia 8.57
2012-06-03 12:52:10 ----D---- C:\Program Files\IVT Corporation
2012-05-30 11:23:33 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2012-05-30 11:22:32 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2012-05-30 11:22:28 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2012-05-30 11:22:27 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2012-05-30 11:22:25 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2012-05-30 11:22:23 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2012-05-30 11:22:20 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2012-05-30 11:22:18 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2012-05-30 11:22:07 ----A---- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2012-05-26 20:14:45 ----D---- C:\Program Files\ElfBot NG 8.57
2012-05-08 20:10:22 ----D---- C:\Program Files\Firefly Studios
2012-05-03 18:17:09 ----D---- C:\Program Files\EA Games
2012-05-01 21:18:39 ----AC---- C:\WINDOWS\naglos.INI
2012-04-20 12:34:14 ----D---- C:\Program Files\Gadu-Gadu
2012-04-19 11:02:56 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-04-19 11:02:54 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-04-19 11:02:47 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-04-19 11:02:47 ----A---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-04-19 11:02:26 ----A---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-04-16 22:44:56 ----D---- C:\Program Files\ElfBot NG 8.55
2011-01-09 18:18:40 ----D---- C:\rsit
2011-01-09 16:41:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TrojanHunter
2011-01-09 16:41:40 ----R---- C:\WINDOWS\system32\streamhlp.dll
2011-01-09 16:41:40 ----D---- C:\Program Files\TrojanHunter 5.3
2011-01-09 16:18:24 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan
2011-01-09 15:19:08 ----D---- C:\Program Files\Spyware Doctor
2011-01-09 15:19:08 ----D---- C:\Program Files\Common Files\PC Tools
2011-01-06 19:05:03 ----D---- C:\Program Files\Microsoft.NET
2011-01-06 19:04:56 ----SHD---- C:\Config.Msi
2011-01-06 00:20:41 ----D---- C:\Nexon
2011-01-04 16:41:44 ----A---- C:\Documents and Settings\Mateusz\Dane aplikacji\Mateusz3SQLite3.dll
2011-01-04 07:45:07 ----D---- C:\Documents and Settings\Mateusz\Dane aplikacji\ArtOfPing
2011-01-04 07:45:04 ----D---- C:\Program Files\AutoTunnel GG
2011-01-04 07:21:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
2011-01-03 19:25:58 ----D---- C:\Program Files\chatting log
2011-01-02 01:29:52 ----D---- C:\Program Files\launcher
2011-01-02 01:29:52 ----D---- C:\Program Files\Data
2011-01-01 23:02:58 ----D---- C:\Program Files\TibiaBot NG 7.6
2011-01-01 22:17:45 ----D---- C:\Program Files\Lavalys
2010-12-30 02:32:36 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\id Software
2010-12-29 20:37:07 ----D---- C:\Program Files\GameSpy Arcade
2010-12-28 14:02:16 ----D---- C:\Documents and Settings\Mateusz\Dane aplikacji\SuperMemo World
2010-12-28 14:01:11 ----D---- C:\Program Files\SuperMemo UX
2010-12-27 17:43:01 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2010-12-23 21:37:39 ----D---- C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft Games
2010-12-23 21:29:13 ----D---- C:\Program Files\Microsoft Games
2010-12-18 13:43:43 ----D---- C:\Program Files\ToniArts
2010-12-18 13:41:51 ----D---- C:\Program Files\Advanced Registry Expert
2010-12-18 12:54:13 ----D---- C:\Program Files\TibiaBot NG 8.0
2010-12-18 12:45:23 ----D---- C:\Program Files\TibiaTek Bot DevTeam
2010-12-18 12:34:03 ----D---- C:\Program Files\Tibia Auto

======List of files/folders modified in the last 1 months======

2012-06-03 12:52:02 ----D---- C:\WINDOWS\security
2012-05-05 13:16:48 ----D---- C:\Program Files\Tibia 8.55
2012-04-26 13:46:24 ----D---- C:\Program Files\Audacity
2012-04-21 14:00:27 ----D---- C:\Program Files\Ronots 8.54
2011-01-09 18:18:50 ----D---- C:\Program Files\Trend Micro
2011-01-09 16:41:40 ----RD---- C:\Program Files
2011-01-09 16:41:40 ----D---- C:\WINDOWS\system32
2011-01-09 16:36:33 ----D---- C:\WINDOWS\Temp
2011-01-09 16:12:33 ----D---- C:\WINDOWS\system32\drivers
2011-01-09 16:12:31 ----D---- C:\WINDOWS
2011-01-09 16:09:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-09 15:19:27 ----SHD---- C:\WINDOWS\Installer
2011-01-09 15:19:26 ----D---- C:\WINDOWS\WinSxS
2011-01-09 15:19:08 ----D---- C:\Program Files\Common Files
2011-01-07 21:17:02 ----D---- C:\Documents and Settings\Mateusz\Dane aplikacji\foobar2000
2011-01-06 21:03:40 ----RSD---- C:\WINDOWS\assembly
2011-01-06 20:57:29 ----D---- C:\WINDOWS\Microsoft.NET
2011-01-06 20:06:10 ----D---- C:\Program Files\Mozilla Firefox
2011-01-06 19:11:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-06 19:11:09 ----D---- C:\WINDOWS\system32\pl-PL
2011-01-06 19:05:10 ----D---- C:\WINDOWS\system32\en-us
2011-01-05 15:24:07 ----D---- C:\WINDOWS\Minidump
2011-01-04 18:44:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-04 13:55:13 ----A---- C:\WINDOWS\DUMP2d97.tmp
2011-01-03 18:29:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
2011-01-03 16:37:04 ----D---- C:\WINDOWS\system32\DirectX
2011-01-02 02:02:17 ----RSD---- C:\WINDOWS\Fonts
2011-01-02 01:26:06 ----D---- C:\WINDOWS\system
2010-12-29 20:29:29 ----HD---- C:\WINDOWS\inf
2010-12-29 20:29:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-29 19:05:46 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-12-28 18:16:51 ----D---- C:\Program Files\TibiaMovie
2010-12-25 00:23:48 ----AC---- C:\WINDOWS\system32\tcfg.ini
2010-12-24 23:08:38 ----D---- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibia
2010-12-23 21:23:04 ----D---- C:\Program Files\Ubisoft
2010-12-22 12:43:47 ----D---- C:\Program Files\TibiaBot NG
2010-12-18 13:43:43 ----HD---- C:\Program Files\InstallShield Installation Information 2010-12-18 12:34:32 ----D---- C:\Program Files\Tibia 2010-12-17 16:32:59 ----D---- C:\Program Files\Tibia 8.0 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2007-03-05 20880] R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600] R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2003-09-06 62656] R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944] R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-09-06 4832] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-01 691696] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-09-06 51744] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704] R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792] R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio 
(WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-08-28 111104] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304] R4 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [] R4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736] S3 aw7xotkx;aw7xotkx; C:\WINDOWS\system32\drivers\aw7xotkx.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496] S3 BthEnum;Sterownik Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] S3 BTHMODEM;Sterownik komunikacyjny modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Sterownik portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 275200] S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-08-27 10345] S3 
HidBth;Miniport Microsoft Bluetooth HID; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25728] S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2008-06-18 2307584] S3 maxD20081102;maxD20081102; \??\C:\Documents and Settings\Mateusz\Pulpit\imax\imax\max20081102.sys [] S3 Mkd2kfNt;Mkd2kfNt; C:\WINDOWS\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072] S3 Mkd2Nadr;Mkd2Nadr; C:\WINDOWS\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 NetHook_ControlCenter;ArtOfPing ControlCenter; \??\C:\Program Files\AutoTunnel GG\ControlCenter.sys [] S3 NetHook_Interceptor;ArtOfPing TDI Interceptor; \??\C:\Program Files\AutoTunnel GG\Interceptor.sys [] S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; 
C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-08 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104] R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-11-11 75064] S2 AntiVirUpgradeService;Avira Upgrade Service; C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\avupgsvc.exe /TEMPSTART:C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE [] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-02 135664] S2 Zwunzi Service;Zwunzi Service; C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe C:\Program Files\Zwunzi\zwunzi.dll Service [] S3 aspnet_state;„Usługa stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-12-13 4295152] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- [/log]
Tomek01 commented 9 January 2011

Hi. I wonder if you know where you downloaded all this junk from?

Run OTL in Safe Mode and paste the following into the Custom scan/fixes box:

[code]:Processes
Explorer.exe
:OTL
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe -- (Zwunzi Service)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\avupgsvc.exe -- (AntiVirUpgradeService)
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
[2010-10-22 16:34:49 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com
[2010-11-28 14:16:49 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\searchplugins\daemon-search.xml
[2010-01-09 15:16:23 | 000,000,000 | ---D | M] (Zwunzi) -- C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\..\Toolbar\WebBrowser: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [eko] c:\sinf.com File not found
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb)
O4 - HKLM..\Run: [Tibia Luz 77.2] C:\WINDOWS\System32\berseksvr.exe File not found
O4 - HKU\S-1-5-21-220523388-1580436667-682003330-1004..\Run: [HKCU] C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb)
O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found
O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb)
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - File not found
@Alternate Data Stream - 253 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
:Files
C:\Program Files\Common Files\logonInit.dll
C:\Program Files\Common Files\UserInit.dll
C:\Documents and Settings\Mateusz\Dane aplikacji\Mateuszlog.dat
C:\WINDOWS\System32\cfnmbrbve0kukxua.dll
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6eba2e91f029.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core1cb6d9b331480b2.job
C:\Program Files\BigSeekPro Toolbar
C:\Program Files\DAEMON Tools Toolbar
C:\WINDOWS\system32\28463\OJEA.exe
c:\sinf.com
C:\WINDOWS\system32\berseksvr.exe
C:\WINDOWS\system32\WinDir
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\DUMP2d97.tmp
C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe
C:\Program Files\Zwunzi\zwunzi.dll
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344}=-
{32099AAC-C132-4136-9E9A-4E364A424E17}=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OJEA Agent"=-
"eko"=-
"Tibia Luz 77.2"=-
"HKLM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=-
"Policies"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=-
"Policies"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit]
:Services
Zwunzi Service
eko
HKLM
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Click Run Fix; the computer will restart. Post the removal log and new logs: OTL and RSIT.

F2 - REG:system.ini: UserInit=userinit.exe,[b]C:\WINDOWS\system\svchost.exe (remove this)[/b]

Go to Start/Uruchom (Run)/Regedit and find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
The entry should look like this: [b]C:\Windows\system32\userinit.exe,[/b]
The trailing comma is required!

Scan the following files on VirusTotal:
C:\WINDOWS\System32\edacded0.dat
C:\WINDOWS\System32\bcdadac7.xml

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the reports on the forum.
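The two checks behind the advice above (autorun entries that borrow the name svchost.exe from outside system32, and a Winlogon Userinit value carrying anything beyond userinit.exe) can be run mechanically over log lines. This is an added example, not part of the thread or of OTL/RSIT; the function names and the sample lines (constructed from entries quoted in this thread) are assumptions.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: %SystemRoot% as reported in the logs

# System binaries whose names malware borrows, mapped to the only directory
# an autorun or service entry should load them from. (XP also keeps backup
# copies in dllcache, but nothing should start them from there.)
EXPECTED_DIR = {
    "svchost.exe": ntpath.join(SYSTEM_ROOT, "system32"),
    "userinit.exe": ntpath.join(SYSTEM_ROOT, "system32"),
}

# Drive-letter path up to the first executable-style extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|,\r\n]*?\.(?:exe|com|dll|sys)\b',
                     re.IGNORECASE)
USERINIT_RE = re.compile(r"UserInit\s*=\s*(.+)$", re.IGNORECASE)


def masquerade_reason(path):
    """Return a reason string if a protected name sits in the wrong folder."""
    name = ntpath.basename(path).lower()
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return None
    actual = ntpath.dirname(path)
    if ntpath.normcase(actual) == ntpath.normcase(expected):
        return None
    return f"{name} loaded from {actual}, expected {expected}"


def userinit_findings(value):
    """Check a Userinit value against the form given in the post above."""
    good = ntpath.join(EXPECTED_DIR["userinit.exe"], "userinit.exe")
    allowed = {ntpath.normcase(good), "userinit.exe"}
    findings = []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    for entry in entries:
        if ntpath.normcase(entry) not in allowed:
            findings.append(f"unexpected Userinit entry: {entry}")
    if not any(ntpath.normcase(e) in allowed for e in entries):
        findings.append("userinit.exe is missing from the Userinit value")
    if not value.rstrip().endswith(","):
        findings.append("Userinit value lacks the trailing comma")
    return findings


def audit(lines):
    """Return (line_number, finding) pairs for every suspicious log line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = USERINIT_RE.search(line)
        if match:
            findings += [(number, f) for f in userinit_findings(match.group(1))]
            continue
        for path in PATH_RE.findall(line):
            reason = masquerade_reason(path)
            if reason:
                findings.append((number, reason))
    return findings


# Constructed sample: entries quoted in this thread plus one clean Userinit.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\WinDir\Svchost.exe (are28GV5N7L0Iyzwt63Nbdls3mookb)",
    r"O4 - HKLM..\Run: [eko] c:\sinf.com File not found",
    r"S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]",
    r"F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe",
    r"F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,",
]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

The check is name-and-location only: it does not flag entries such as c:\sinf.com, which still need the manual review done in the post above.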
kijek28 (Author) commented 10 January 2011 (edited)

Here's the thing: before I did what I was supposed to, I deleted "THAT THING" from the registry, after which my computer would not boot and I had to restore the system using the Windows disc. The computer started, but it looks as if it had been formatted, although all the files are still there. Only after all that did I do what you told me to, and I don't know whether it turned out the way you wanted, but see for yourself:

Removal logs
[log]All processes killed ========== PROCESSES ========== Process Explorer.exe killed successfully! ========== OTL ========== Service Zwunzi Service stopped successfully! Service Zwunzi Service deleted successfully! File C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe not found. Service AntiVirUpgradeService stopped successfully! Service AntiVirUpgradeService deleted successfully! File C:\DOCUME~1\Mateusz\USTAWI~1\Temp\AVSETUP_4acd2260\basic\avupgsvc.exe not found. C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully. C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully. C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully. C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\extensions\DTToolbar@toolbarnet.com folder moved successfully. C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\mocssqvw.default\searchplugins\daemon-search.xml moved successfully. C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found. C:\Program Files\BigSeekPro Toolbar\tbcore3.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found. File C:\Program Files\BigSeekPro Toolbar\tbcore3.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully. Registry key HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found. File C:\Program Files\BigSeekPro Toolbar\tbcore3.dll not found. Registry key HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eko not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM not found. C:\WINDOWS\system32\WinDir\Svchost.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tibia Luz 77.2 not found. Registry key HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\WINDOWS\system32\WinDir\Svchost.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run not found. File C:\WINDOWS\system32\WinDir\Svchost.exe not found. Registry key HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run not found. Registry key HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run not found. File C:\WINDOWS\system32\WinDir\Svchost.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit\ not found. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8 deleted successfully. ========== FILES ========== File\Folder C:\Program Files\Common Files\logonInit.dll not found. C:\Program Files\Common Files\userInit.dll moved successfully. C:\Documents and Settings\Mateusz\Dane aplikacji\Mateuszlog.dat moved successfully. C:\WINDOWS\System32\cfnmbrbve0kukxua.dll moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6eba2e91f029.job moved successfully. 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core1cb6d9b331480b2.job moved successfully. C:\Program Files\BigSeekPro Toolbar folder moved successfully. C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully. C:\Program Files\DAEMON Tools Toolbar folder moved successfully. File\Folder C:\WINDOWS\system32\28463\OJEA.exe not found. File\Folder c:\sinf.com not found. File\Folder C:\WINDOWS\system32\berseksvr.exe not found. C:\WINDOWS\system32\WinDir folder moved successfully. File\Folder C:\WINDOWS\system32\userini.exe not found. C:\WINDOWS\DUMP2d97.tmp moved successfully. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi135.exe not found. File\Folder C:\Program Files\Zwunzi\zwunzi.dll not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OJEA Agent not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eko not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tibia Luz 77.2 not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM not found. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit\ not found. ========== SERVICES/DRIVERS ========== Error: No service named Zwunzi Service was found to stop! Service\Driver key Zwunzi Service not found. Error: No service named eko was found to stop! Service\Driver key eko not found. Error: No service named HKLM was found to stop! Service\Driver key HKLM not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 163544 bytes ->FireFox cache emptied: 3073794 bytes User: Administrator.KIJEWSKI ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 983398 bytes User: LocalService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: Mateusz ->Temp folder emptied: 327349283 bytes ->Temporary Internet Files folder emptied: 16161718 bytes ->Java cache emptied: 107078154 bytes ->FireFox cache emptied: 75099283 bytes ->Google Chrome cache emptied: 5933204 bytes ->Flash cache emptied: 259321 bytes User: Mateusz.KIJEWSKI ->Temp folder emptied: 273814 bytes ->Temporary Internet Files folder emptied: 1155440 bytes ->FireFox cache 
emptied: 3255800 bytes ->Google Chrome cache emptied: 10440266 bytes ->Flash cache emptied: 707 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: NetworkService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2212888 bytes %systemroot%\System32 .tmp files removed: 2839394 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1582240 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 532,00 mb OTL by OldTimer - Version 3.2.20.1 log created on 01102011_125256 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log] OTL Extras [log]OTL Extras logfile created on: 2011-01-10 12:58:25 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 16,60 Gb Total Space | 1,94 Gb Free Space | 11,66% Space Free | Partition Type: NTFS Drive D: | 57,92 Gb Total Space | 2,55 Gb Free Space | 4,41% Space Free | Partition Type: NTFS Computer Name: KIJEWSKI | User Name: Mateusz | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "57339:TCP" = 57339:TCP:*:Enabled:Pando Media Booster "57339:UDP" = 57339:UDP:*:Enabled:Pando Media Booster "57613:TCP" = 57613:TCP:*:Enabled:Pando Media Booster "57613:UDP" = 57613:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "57318:TCP" = 57318:TCP:*:Enabled:Pando Media Booster "57318:UDP" = 57318:UDP:*:Enabled:Pando Media Booster "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "57339:TCP" = 57339:TCP:*:Enabled:Pando Media Booster "57339:UDP" = 57339:UDP:*:Enabled:Pando Media Booster "57613:TCP" = 57613:TCP:*:Enabled:Pando Media Booster "57613:UDP" = 57613:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found "C:\Program Files\Ronots Client\Tibia.exe" = C:\Program Files\Ronots Client\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Tibia 8.42\Tibia.exe" = C:\Program Files\Tibia 8.42\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia 8.5\Tibia.exe" = C:\Program Files\Tibia 8.5\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia\Tibia.exe" = C:\Program Files\Tibia\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Tibia 8.6\Tibia.exe" = C:\Program Files\Tibia 8.6\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Ronots 8.5\Tibia.exe" = C:\Program Files\Ronots 8.5\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "D:\Mateusz\BOTY DO TIBI\Valve\hl.exe" = D:\Mateusz\BOTY DO TIBI\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe" = D:\Mateusz\BOTY DO TIBI\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered) "C:\Program Files\Tibia 8.54\Tibia.exe" = C:\Program Files\Tibia 8.54\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe" = C:\Program Files\Black Sea Studios\Knights of Honor\KoH.exe:*:Enabled:KoH -- File not found "D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe" = D:\Mateusz\BOTY DO TIBI\Kopia Tibia 7.4\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1 -- (http://tibia.org.pl) "C:\Python26\pythonw.exe" = C:\Python26\pythonw.exe:*:Enabled:pythonw -- File not found "C:\Program Files\Swordia Client\Tibia.exe" = C:\Program 
Files\Swordia Client\Tibia.exe:*:Enabled:Tibia Player -- File not found "D:\Mateusz\TibiCAM\Release\TibiCAM.exe" = D:\Mateusz\TibiCAM\Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe" = D:\Mateusz\Nowy folder\FIlmy z tibi\Release\Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe" = D:\Download\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found "D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe" = D:\Mateusz\ots 7.6\Tibia\Tibia Black Ice v0.1.exe:*:Enabled:Tibia Black Ice v0.1 -- (http://tibia.org.pl) "C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe" = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\LoozikOTS\LoozikOTS\LoozikOTS.exe:*:Enabled:LoozikOTS -- File not found "C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe" = C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:removeit -- (InCode Solutions) "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" = C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator -- File not found "D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe" = D:\Mateusz\TibiCAM\Kopia Release\TibiCAM.exe:*:Enabled:TibiCAM -- () "C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\Program Files\Valve\cstrike.exe" = C:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered) "C:\Program Files\Tibia 8.55\Tibia.exe" = C:\Program Files\Tibia 8.55\Tibia.exe:*:Enabled:Tibia Player -- (CipSoft GmbH) "C:\Program Files\Gadu-Gadu\gg.exe" = 
C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-10 05:46:47 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10488792. Error - 2011-01-10 06:03:00 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10418792. Error - 2011-01-10 06:03:00 | Computer Name = KIJEWSKI | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10488792. 
Error - 2011-01-10 07:23:45 | Computer Name = KIJEWSKI | Source = Avira AntiVir | ID = 4112 Description = An error occurred during a resource request to the Windows NT system. The resource <INIT11> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code: Error - 2011-01-10 07:23:53 | Computer Name = KIJEWSKI | Source = Windows Product Activation | ID = 1012 Description = Z powodu zmian sprzętowych wykonanych na tym komputerze należy ponownie przeprowadzić aktywację tego produktu Windows. Error - 2011-01-10 07:23:57 | Computer Name = KIJEWSKI | Source = LoadPerf | ID = 3001 Description = Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Nieprawdziwy ciąg to 2924, nieprawdziwa wartość indeksu to pierwszy wpis DWORD w sekcji danych (Data), a ostatnie prawidłowe wartości indeksu to drugi i trzeci wpis DWORD w sekcji danych. Error - 2011-01-10 07:23:57 | Computer Name = KIJEWSKI | Source = LoadPerf | ID = 3001 Description = Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Nieprawdziwy ciąg to 2924, nieprawdziwa wartość indeksu to pierwszy wpis DWORD w sekcji danych (Data), a ostatnie prawidłowe wartości indeksu to drugi i trzeci wpis DWORD w sekcji danych. Error - 2011-01-10 07:23:57 | Computer Name = KIJEWSKI | Source = LoadPerf | ID = 3011 Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data). Error - 2011-01-10 07:24:00 | Computer Name = KIJEWSKI | Source = LoadPerf | ID = 3001 Description = Występująca w rejestrze wartość ciągu nazwy licznika wydajności jest niepoprawnie sformatowana. Nieprawdziwy ciąg to 2924, nieprawdziwa wartość indeksu to pierwszy wpis DWORD w sekcji danych (Data), a ostatnie prawidłowe wartości indeksu to drugi i trzeci wpis DWORD w sekcji danych. 
Error - 2011-01-10 07:54:52 | Computer Name = KIJEWSKI | Source = Avira AntiVir | ID = 4112 Description = An error occurred during a resource request to the Windows NT system. The resource <INIT11> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code:
[ System Events ] Error - 2011-01-10 07:51:34 | Computer Name = KIJEWSKI | Source = sptd | ID = 262148 Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .
Error - 2011-01-10 07:51:52 | Computer Name = KIJEWSKI | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 2011-01-10 07:51:59 | Computer Name = KIJEWSKI | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-01-10 07:53:01 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-01-10 07:53:01 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-01-10 07:53:01 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-01-10 07:53:01 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss sptd ssmdrv Tcpip Error - 2011-01-10 07:54:06 | Computer Name = KIJEWSKI | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-01-10 07:56:29 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7009 Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Usługa Google Update 
(gupdate). Error - 2011-01-10 07:56:29 | Computer Name = KIJEWSKI | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: %%1053 < End of report > [/log] OTL [log]OTL logfile created on: 2011-01-10 12:58:25 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 16,60 Gb Total Space | 1,94 Gb Free Space | 11,66% Space Free | Partition Type: NTFS Drive D: | 57,92 Gb Total Space | 2,55 Gb Free Space | 4,41% Space Free | Partition Type: NTFS Computer Name: KIJEWSKI | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-01-10 12:39:15 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2011-01-10 12:39:15 | 000,134,808 | ---- | M] (Google Inc.) 
-- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2011-01-10 12:27:27 | 002,984,856 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe PRC - [2010-12-09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2010-11-11 21:53:02 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2010-10-08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe PRC - [2010-04-04 07:59:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-10-08 12:39:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 13:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2004-08-04 13:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 13:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE PRC - [2004-08-04 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 13:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2004-08-04 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\csrss.exe PRC - [2003-08-18 15:37:10 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE PRC - [2003-08-18 15:32:56 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe MOD - [2006-09-23 12:13:02 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 13:00:00 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 13:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 13:00:00 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 13:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 13:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 13:00:00 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 13:00:00 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 13:00:00 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 13:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 13:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll 
MOD - [2004-08-04 13:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 13:00:00 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2004-08-04 13:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 13:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 13:00:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-04 13:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004-08-04 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 13:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA 
Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Mateusz\Pulpit\imax\imax\max20081102.sys -- (maxD20081102) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - [2010-08-27 12:10:25 | 000,010,345 | ---- | M] (Applied Networking Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010-04-01 22:37:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-07 21:18:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-08-18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-10-17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt) DRV - [2008-10-17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr) DRV - [2008-08-28 08:40:40 | 000,111,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-06-18 06:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx) DRV - [2008-03-22 21:41:56 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\Interceptor.sys -- (NetHook_Interceptor) DRV - [2008-02-15 06:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008-02-10 22:05:02 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\ControlCenter.sys -- (NetHook_ControlCenter) DRV - [2007-05-11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007-05-09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007-03-05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007-03-05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007-03-05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007-03-05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum) DRV - [2007-03-05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007-03-05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003-09-06 14:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2003-09-06 13:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 13:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-09-06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}:1.0 [2011-01-10 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla\Extensions [2011-01-10 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla\Firefox\Profiles\3a033x1h.default\extensions [2010-10-23 09:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} [2006-06-03 17:43:22 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2008-04-03 18:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2007-03-31 18:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2006-06-03 17:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2008-03-28 22:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2007-01-05 12:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.251.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-07 23:01:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-09-25 13:02:55 | 000,148,118 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\MIKSOFT [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\MIKSOFT [2012-06-05 18:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibia 8.57 [2012-06-05 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia 8.57 [2012-06-03 12:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\IVT BlueSoleil [2012-06-03 12:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation [2012-05-30 11:23:33 | 000,000,000 | ---D 
| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2012-05-28 17:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.55 [2012-05-26 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.57 [2012-05-26 20:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.57 [2012-05-08 20:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Firefly Studios [2012-05-03 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012-04-20 12:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2012-04-16 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.55 [2011-01-10 13:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp [2011-01-10 12:52:56 | 000,000,000 | ---D | C] -- C:\_OTL [2011-01-10 12:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Downloads [2011-01-10 12:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Mozilla [2011-01-10 12:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla [2011-01-10 12:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Google Chrome [2011-01-10 12:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Temp [2011-01-10 12:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google [2011-01-10 12:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Adobe [2011-01-10 12:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\cache [2011-01-10 12:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Macromedia [2011-01-10 12:28:56 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Gadu-Gadu 10 [2011-01-10 12:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Ventrilo [2011-01-10 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\GamersFirst LIVE! [2011-01-10 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\PMB Files [2011-01-10 12:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Pando_Temp [2011-01-10 12:26:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Moje obrazy [2011-01-10 12:26:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Moja muzyka [2011-01-10 12:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Identities [2011-01-10 12:23:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Microsoft [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\SendTo [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Recent [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ulubione [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Autostart [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Akcesoria [2011-01-10 12:23:50 | 
000,000,000 | -HSD | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Cookies [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Szablony [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\PrintHood [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\NetHood [2011-01-10 12:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit [2011-01-10 12:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-01-09 20:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Eidos Interactive [2011-01-09 20:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive [2011-01-09 20:09:10 | 000,000,000 | ---D | C] -- C:\Download [2011-01-09 20:08:54 | 000,000,000 | ---D | C] -- C:\Nexon [2011-01-09 18:18:40 | 000,000,000 | ---D | C] -- C:\rsit [2011-01-09 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan [2011-01-04 07:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\AutoTunnel GG [2011-01-04 07:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2011-01-02 02:03:45 | 004,295,152 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\System32\GameMon.des [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\launcher [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Data [2011-01-01 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 7.6 [2011-01-01 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 7.6 [2011-01-01 22:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lavalys [2011-01-01 22:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\id Software [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-12-29 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\SuperMemo UX [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SuperMemo UX [2010-12-27 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-12-23 22:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kolekcja Klasyki [2010-12-23 21:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EasyCleaner [2010-12-18 13:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Expert [2010-12-18 12:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 8.0 [2010-12-18 12:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 8.0 [2010-12-18 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaTek Bot DevTeam [2010-12-18 
12:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaTek Bot [2010-12-18 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2010-12-06 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kopia ElfBot NG 8.5 [2010-12-05 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ WTL71 [2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG [2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG [2010-12-04 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinHex [2010-11-29 14:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blackd Tools [2010-11-28 14:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2010-11-28 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-11-28 14:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-11-28 14:12:46 | 000,000,000 | RH-D | C] -- C:\AHCache [2010-11-28 14:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2010-11-19 14:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\remove [2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Demonic Applications [2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DatEditor [2010-11-11 15:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GameBoost [2010-11-11 15:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameBoost [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-06-03 12:54:03 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0 [2012-06-03 12:49:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0 [2012-05-01 21:18:39 | 000,000,020 | ---- | M] () -- C:\WINDOWS\naglos.INI [2011-01-10 12:54:45 | 000,002,048 | --S- | M] () -- 
C:\WINDOWS\bootstat.dat [2011-01-10 12:41:18 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit\Google Chrome.lnk [2011-01-10 12:39:16 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core.job [2011-01-10 12:35:12 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-10 12:26:39 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-10 12:26:39 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2011-01-10 12:24:23 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011-01-10 12:24:01 | 000,556,402 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-01-10 12:24:01 | 000,493,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-01-10 12:24:01 | 000,104,994 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-01-10 12:24:00 | 000,084,110 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-01-10 12:23:32 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-10 12:13:45 | 023,330,816 | ---- | M] () -- C:\WINDOWS\SOFTWARE [2011-01-10 12:13:45 | 009,175,040 | ---- | M] () -- C:\WINDOWS\System\system [2011-01-10 07:40:07 | 000,000,110 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini [2011-01-09 16:41:48 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll [2010-12-29 19:05:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-12-25 00:23:48 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\tcfg.ini [2010-12-18 13:27:42 | 000,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat [2010-12-18 13:27:42 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml [2010-12-17 16:32:59 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\System32\GameMon.des [2010-11-28 14:16:47 | 000,001,613 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite.lnk [2010-11-24 17:59:04 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-11-24 17:58:42 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-11-11 16:03:34 | 000,000,060 | ---- | M] () -- C:\WINDOWS\window-title-changer.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-05 18:12:55 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2012-06-03 12:49:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0 [2012-06-03 12:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0 [2012-05-01 21:18:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2011-01-10 12:41:18 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit\Google Chrome.lnk [2011-01-10 12:39:16 | 000,001,106 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core.job [2011-01-10 12:35:00 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-10 07:40:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini [2011-01-09 16:41:40 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2010-12-18 13:27:42 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat [2010-12-18 13:27:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml [2010-11-28 14:12:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-11-06 16:51:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\window-title-changer.INI [2010-10-22 16:34:43 | 000,001,613 | ---- | C] () -- C:\Program Files\DAEMON Tools Lite [2010-04-12 18:10:46 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll [2010-04-01 22:37:38 | 000,691,696 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\sptd.sys [2010-03-02 22:29:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-03-02 22:29:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010-03-02 22:29:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-13 16:15:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009-12-12 14:30:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Wwp.INI [2009-12-10 08:57:07 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI [2009-12-07 16:15:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009-11-28 12:10:03 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini [2009-11-22 14:28:06 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\packet.dll [2009-11-20 13:34:39 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-17 21:07:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-24 19:49:39 | 000,071,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-10-20 19:22:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-10-18 12:36:58 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-10-08 09:24:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2009-10-08 09:24:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll [2009-10-08 09:24:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL [2009-10-08 09:24:11 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini [2009-10-08 00:53:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-10-07 23:23:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1504.dll [color=#E56717]========== LOP Check ==========[/color] [2012-06-03 12:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2010-11-28 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\Canneverbe Limited [2010-04-01 22:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-03-25 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-03-29 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies [2010-12-30 02:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2011-01-04 07:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2010-10-13 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-01-03 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2011-01-09 16:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan [2009-10-24 22:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2011-01-09 16:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-10-24 20:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Toolbar4 [2011-01-04 16:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ArtOfPing [2010-11-11 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Azureus [2010-01-07 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Black Sea Studios [2010-11-28 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Canneverbe Limited [2010-04-01 22:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DAEMON Tools Lite [2009-11-17 14:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DBKO [2010-12-08 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Mateusz\Dane aplikacji\DBV [2009-11-21 16:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Ek [2011-01-09 20:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\foobar2000 [2009-12-09 23:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Free Sound Recorder [2010-08-22 13:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10 [2009-10-20 18:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\id Software [2010-07-20 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\KingAge [2010-08-27 17:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\LoDB [2010-08-07 22:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\maxup [2009-11-27 20:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mumble [2010-10-27 17:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nokia Multimedia Player [2009-10-08 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nowe Gadu-Gadu [2010-11-28 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenCandy [2010-02-28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenFM [2009-10-24 22:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Publish Providers [2009-11-25 14:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Remere's Map Editor [2009-10-26 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony [2009-10-24 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony Setup [2010-12-28 14:02:16 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Mateusz\Dane aplikacji\SuperMemo World
[2010-12-24 23:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibia
[2010-04-06 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibiacast
[2011-01-09 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\TrojanHunter
[2009-12-02 20:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\WoDBO
[2011-01-10 12:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Gadu-Gadu 10
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
[/log]
RSIT log
[log]OTL logfile created on: 2011-01-10 12:58:25 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,60 Gb Total Space | 1,94 Gb Free Space | 11,66% Space Free | Partition Type: NTFS
Drive D: | 57,92 Gb Total Space | 2,55 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Computer Name: KIJEWSKI | User Name: Mateusz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2011-01-10 12:39:15 | 000,136,176 | ---- | M] (Google Inc.)
-- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2011-01-10 12:39:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2011-01-10 12:27:27 | 002,984,856 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe PRC - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe PRC - [2010-12-09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2010-11-11 21:53:02 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2010-10-08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe PRC - [2010-04-04 07:59:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-10-08 12:39:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 13:00:00 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2004-08-04 13:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 13:00:00 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE PRC - [2004-08-04 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 13:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2004-08-04 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\csrss.exe PRC - [2003-08-18 15:37:10 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE PRC - [2003-08-18 15:32:56 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-01-09 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mateusz\Moje dokumenty\Downloads\OTL.exe MOD - [2006-09-23 12:13:02 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 13:00:00 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 13:00:00 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 13:00:00 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 13:00:00 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 13:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 13:00:00 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 13:00:00 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 13:00:00 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 13:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 13:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll 
MOD - [2004-08-04 13:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 13:00:00 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2004-08-04 13:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 13:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 13:00:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-04 13:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004-08-04 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 13:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 13:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 13:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA 
Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Mateusz\Pulpit\imax\imax\max20081102.sys -- (maxD20081102) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT) DRV - [2010-08-27 12:10:25 | 000,010,345 | ---- | M] (Applied Networking Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010-04-01 22:37:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-07 21:18:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-08-18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-10-17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt) DRV - [2008-10-17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr) DRV - [2008-08-28 08:40:40 | 000,111,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-06-18 06:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx) DRV - [2008-03-22 21:41:56 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\Interceptor.sys -- (NetHook_Interceptor) DRV - [2008-02-15 06:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008-02-10 22:05:02 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\AutoTunnel GG\ControlCenter.sys -- (NetHook_ControlCenter) DRV - [2007-05-11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007-05-09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007-03-05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007-03-05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007-03-05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007-03-05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum) DRV - [2007-03-05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007-03-05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003-09-06 14:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2003-09-06 13:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003-09-06 13:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003-09-06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.14.223.198:6588 IE - HKU\S-1-5-21-220523388-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}:1.0 [2011-01-10 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla\Extensions [2011-01-10 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla\Firefox\Profiles\3a033x1h.default\extensions [2010-10-23 09:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} [2006-06-03 17:43:22 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2008-04-03 18:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2007-03-31 18:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2006-06-03 17:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2008-03-28 22:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2007-01-05 12:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.251.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-07 23:01:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-09-25 13:02:55 | 000,148,118 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\MIKSOFT [2012-06-13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\MIKSOFT [2012-06-05 18:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibia 8.57 [2012-06-05 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia 8.57 [2012-06-03 12:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\IVT BlueSoleil [2012-06-03 12:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation [2012-05-30 11:23:33 | 000,000,000 | ---D 
| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2012-05-28 17:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.55 [2012-05-26 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ElfBot NG 8.57 [2012-05-26 20:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.57 [2012-05-08 20:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Firefly Studios [2012-05-03 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012-04-20 12:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2012-04-16 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.55 [2011-01-10 13:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp [2011-01-10 12:52:56 | 000,000,000 | ---D | C] -- C:\_OTL [2011-01-10 12:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Downloads [2011-01-10 12:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Mozilla [2011-01-10 12:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Mozilla [2011-01-10 12:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Google Chrome [2011-01-10 12:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Temp [2011-01-10 12:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Google [2011-01-10 12:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Adobe [2011-01-10 12:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\cache [2011-01-10 12:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Macromedia [2011-01-10 12:28:56 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Gadu-Gadu 10 [2011-01-10 12:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Ventrilo [2011-01-10 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\GamersFirst LIVE! [2011-01-10 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\PMB Files [2011-01-10 12:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Pando_Temp [2011-01-10 12:26:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Moje obrazy [2011-01-10 12:26:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty\Moja muzyka [2011-01-10 12:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Identities [2011-01-10 12:23:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Microsoft [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\SendTo [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Recent [2011-01-10 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ulubione [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Moje dokumenty [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Autostart [2011-01-10 12:23:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Menu Start\Programy\Akcesoria [2011-01-10 12:23:50 | 
000,000,000 | -HSD | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Cookies [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Szablony [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\PrintHood [2011-01-10 12:23:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\NetHood [2011-01-10 12:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit [2011-01-10 12:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\Microsoft [2011-01-09 20:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Eidos Interactive [2011-01-09 20:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive [2011-01-09 20:09:10 | 000,000,000 | ---D | C] -- C:\Download [2011-01-09 20:08:54 | 000,000,000 | ---D | C] -- C:\Nexon [2011-01-09 18:18:40 | 000,000,000 | ---D | C] -- C:\rsit [2011-01-09 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan [2011-01-04 07:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\AutoTunnel GG [2011-01-04 07:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2011-01-02 02:03:45 | 004,295,152 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\System32\GameMon.des [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\launcher [2011-01-02 01:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Data [2011-01-01 23:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 7.6 [2011-01-01 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 7.6 [2011-01-01 22:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lavalys [2011-01-01 22:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\id Software [2010-12-30 02:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-12-29 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\SuperMemo UX [2010-12-28 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SuperMemo UX [2010-12-27 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-12-23 22:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kolekcja Klasyki [2010-12-23 21:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts [2010-12-18 13:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EasyCleaner [2010-12-18 13:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Expert [2010-12-18 12:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG 8.0 [2010-12-18 12:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG 8.0 [2010-12-18 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaTek Bot DevTeam [2010-12-18 
12:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaTek Bot [2010-12-18 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2010-12-06 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kopia ElfBot NG 8.5 [2010-12-05 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ WTL71 [2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG [2010-12-04 13:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TibiaBot NG [2010-12-04 12:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinHex [2010-11-29 14:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blackd Tools [2010-11-28 14:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite [2010-11-28 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-11-28 14:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-11-28 14:12:46 | 000,000,000 | RH-D | C] -- C:\AHCache [2010-11-28 14:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2010-11-19 14:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\remove [2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Demonic Applications [2010-11-12 22:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DatEditor [2010-11-11 15:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GameBoost [2010-11-11 15:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameBoost [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-06-03 12:54:03 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0 [2012-06-03 12:49:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0 [2012-05-01 21:18:39 | 000,000,020 | ---- | M] () -- C:\WINDOWS\naglos.INI [2011-01-10 12:54:45 | 000,002,048 | --S- | M] () -- 
C:\WINDOWS\bootstat.dat [2011-01-10 12:41:18 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit\Google Chrome.lnk [2011-01-10 12:39:16 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core.job [2011-01-10 12:35:12 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-10 12:26:39 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-10 12:26:39 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2011-01-10 12:24:23 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2011-01-10 12:24:01 | 000,556,402 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-01-10 12:24:01 | 000,493,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-01-10 12:24:01 | 000,104,994 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-01-10 12:24:00 | 000,084,110 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-01-10 12:23:32 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-10 12:13:45 | 023,330,816 | ---- | M] () -- C:\WINDOWS\SOFTWARE [2011-01-10 12:13:45 | 009,175,040 | ---- | M] () -- C:\WINDOWS\System\system [2011-01-10 07:40:07 | 000,000,110 | ---- | M] () -- C:\WINDOWS\System32\msexcr.ini [2011-01-09 16:41:48 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll [2010-12-29 19:05:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-12-25 00:23:48 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\tcfg.ini [2010-12-18 13:27:42 | 000,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat [2010-12-18 13:27:42 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml [2010-12-17 16:32:59 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2010-12-13 00:26:00 | 004,295,152 | ---- | M] (INCA Internet Co., Ltd.) 
-- C:\WINDOWS\System32\GameMon.des [2010-11-28 14:16:47 | 000,001,613 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite.lnk [2010-11-24 17:59:04 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-11-24 17:58:42 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-11-11 16:03:34 | 000,000,060 | ---- | M] () -- C:\WINDOWS\window-title-changer.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-05 18:12:55 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2012-06-03 12:49:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0 [2012-06-03 12:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0 [2012-05-01 21:18:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2011-01-10 12:41:18 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Pulpit\Google Chrome.lnk [2011-01-10 12:39:16 | 000,001,106 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1580436667-682003330-1004Core.job [2011-01-10 12:35:00 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Mateusz.KIJEWSKI\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-10 07:40:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini [2011-01-09 16:41:40 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2010-12-18 13:27:42 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat [2010-12-18 13:27:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml [2010-11-28 14:12:23 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-11-06 16:51:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\window-title-changer.INI [2010-10-22 16:34:43 | 000,001,613 | ---- | C] () -- C:\Program Files\DAEMON Tools Lite [2010-04-12 18:10:46 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll [2010-04-01 22:37:38 | 000,691,696 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\sptd.sys [2010-03-02 22:29:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-03-02 22:29:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010-03-02 22:29:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-13 16:15:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009-12-12 14:30:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Wwp.INI [2009-12-10 08:57:07 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI [2009-12-07 16:15:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009-11-28 12:10:03 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\tcfg.ini [2009-11-22 14:28:06 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\packet.dll [2009-11-20 13:34:39 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-17 21:07:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-24 19:49:39 | 000,071,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-10-20 19:22:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-10-18 12:36:58 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-10-08 09:24:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2009-10-08 09:24:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll [2009-10-08 09:24:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL [2009-10-08 09:24:11 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini [2009-10-08 00:53:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-10-07 23:23:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1504.dll [color=#E56717]========== LOP Check ==========[/color] [2012-06-03 12:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth [2010-11-28 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\Canneverbe Limited [2010-04-01 22:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-03-25 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-03-29 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies [2010-12-30 02:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2011-01-04 07:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2010-10-13 14:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-01-03 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2011-01-09 16:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan [2009-10-24 22:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2011-01-09 16:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-10-24 20:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Toolbar4 [2011-01-04 16:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\ArtOfPing [2010-11-11 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Azureus [2010-01-07 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Black Sea Studios [2010-11-28 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Canneverbe Limited [2010-04-01 22:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DAEMON Tools Lite [2009-11-17 14:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\DBKO [2010-12-08 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Mateusz\Dane aplikacji\DBV [2009-11-21 16:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Ek [2011-01-09 20:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\foobar2000 [2009-12-09 23:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Free Sound Recorder [2010-08-22 13:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Gadu-Gadu 10 [2009-10-20 18:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\id Software [2010-07-20 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\KingAge [2010-08-27 17:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\LoDB [2010-08-07 22:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\maxup [2009-11-27 20:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mumble [2010-10-27 17:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nokia Multimedia Player [2009-10-08 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nowe Gadu-Gadu [2010-11-28 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenCandy [2010-02-28 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\OpenFM [2009-10-24 22:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Publish Providers [2009-11-25 14:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Remere's Map Editor [2009-10-26 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony [2009-10-24 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Sony Setup [2010-12-28 14:02:16 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Mateusz\Dane aplikacji\SuperMemo World [2010-12-24 23:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibia [2010-04-06 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Tibiacast [2011-01-09 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\TrojanHunter [2009-12-02 20:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\WoDBO [2011-01-10 12:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz.KIJEWSKI\Dane aplikacji\Gadu-Gadu 10 [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]

I also have to admit that I don't understand what I'm supposed to do there next.

[i]"F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe (you remove this) Go to Start/Run/Regedit and find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon The entry should look like this: C:\Windows\system32\userinit.exe, The comma at the end is essential!"[/i]

I don't understand this part of your post at all, and precisely because I didn't know what it meant I had to restore my system ; p I know I'm probably a "difficult case", but I think we'll manage : D Thank you for the help you've already given me, and I'm waiting for your next post with instructions. : )
Tomek01 commented 10 January 2011

"F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe (you remove this) Go to Start/Run/Regedit and find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [size="3"][b]The entry should stay like this[/b][/size]: C:\Windows\system32\userinit.exe, [b]you were only supposed to remove the rest[/b]. I don't see the RSIT log. You posted 2 OTL logs. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the reports on the forum.
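Added example, not part of the thread or of any tool mentioned in it: a small Python check that splits a Winlogon `Userinit` value and reports every entry other than `system32\userinit.exe`, using the two values quoted in the posts above as constructed test input. The function names, the `SYSTEM_ROOT` constant and the treatment of a bare `userinit.exe` as the system32 copy are assumptions of this sketch.

```python
import ntpath
import sys

# Assumption: Windows installed in C:\WINDOWS, as the OTL log header reports
# (%SystemRoot% = C:\WINDOWS).
SYSTEM_ROOT = r"C:\WINDOWS"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def normalize(entry, system_root=SYSTEM_ROOT):
    """Return a lower-cased absolute path for one Userinit entry."""
    path = entry.strip().strip('"')
    lowered = path.lower()
    # Expand the environment variables commonly used in this value.
    for var in ("%systemroot%", "%windir%"):
        if lowered.startswith(var):
            path = system_root + path[len(var):]
            break
    # Assumption: a bare file name (as in the HijackThis F2 line) is
    # treated as the copy in system32.
    if not ntpath.dirname(path):
        path = ntpath.join(system_root, "system32", path)
    return ntpath.normcase(ntpath.normpath(path))


def audit_userinit(value, system_root=SYSTEM_ROOT):
    """Split a Userinit value on commas and flag unexpected programs."""
    expected = normalize(r"%SystemRoot%\system32\userinit.exe", system_root)
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return {
        "entries": entries,
        # Anything that is not the legitimate userinit.exe runs at every logon.
        "unexpected": [e for e in entries
                       if normalize(e, system_root) != expected],
        "has_userinit": any(normalize(e, system_root) == expected
                            for e in entries),
        # The thread stresses that the value must end with a comma.
        "trailing_comma": value.rstrip().endswith(","),
    }


def read_live_userinit():
    """Read the current value from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        samples = {"live registry": read_live_userinit()}
    else:
        # Constructed from the values quoted in the thread.
        samples = {
            "F2 line": r"userinit.exe,C:\WINDOWS\system\svchost.exe",
            "cleaned": r"C:\Windows\system32\userinit.exe,",
        }
    for label, value in samples.items():
        result = audit_userinit(value)
        print(label, "->", result["unexpected"] or "only userinit.exe",
              "| trailing comma:", result["trailing_comma"])
```

The check splits on commas only, so a path that itself contains a comma would need manual review.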