x-kom hosting

[Rozwiązany] qooqle.com - prosba o usunięcie

bartek1136
utworzono
utworzono

Witam,

Widze ze ostatnio to popularny problem, gdy otwieram przegladarke (chrome) zawsze idzie mi do qooqle.com zamiast do domyslnej strony.. Dodatkowo po kazdym restarcie kompa przegladarka wraca do domyslnych ustawien... Probowalem malware bytes , ktory to wykryl ale po reboocie qooqle nie zniknal. Prosilbym o pomoc, z gory dzieki


[log]

OTL logfile created on: 2011-02-01 17:34:01 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 43,05 Gb Free Space | 44,09% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 129,26 Gb Free Space | 35,12% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2011-01-08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-11-02 05:34:44 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-10-12 08:38:07 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2010-10-12 08:37:27 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-08-21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-09 15:20:06 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-05-13 16:20:46 | 000,421,888 | ---- | M] (Solid State Networks) -- F:\Gry\LoL gra\lol.launcher.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (KiesAllShare)
SRV - [2010-09-22 20:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-08-16 07:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-12 12:29:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-07-09 12:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009-12-22 06:07:36 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-06-09 05:37:08 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009-05-22 19:03:40 | 002,361,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-05-13 12:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-12-17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-04-03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007-01-31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005-02-11 09:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 09:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 09:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 09:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 09:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Readar_sl] C:\Users\Bartek\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
O4 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Sony Ericsson PC Suite[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-01-30 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\EA Games
[2011-01-30 03:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\searchplugins
[2011-01-29 16:09:34 | 000,311,296 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\Bartek\AppData\Roaming\Readar_sl.exe
[2011-01-27 14:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Malwarebytes
[2011-01-27 14:12:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-01-27 14:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-27 14:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-01-27 14:12:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-01-27 14:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-27 13:56:03 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011-01-27 13:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011-01-22 17:48:13 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2011-01-22 17:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\PMB Files
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-01-22 17:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011-01-22 16:56:28 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\Deluxe Ski Jump 4
[2011-01-22 16:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-22 16:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2011-01-13 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2011-01-12 21:35:47 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2011-01-12 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Cooliris
[2011-01-08 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011-01-06 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\Nowy folder
[2011-01-01 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\SpacialAudio
[2011-01-01 18:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SpacialAudio
[2011-01-01 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\VirtualDJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010-12-29 09:40:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-12-26 21:11:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\skypePM
[2010-12-26 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Skype
[2010-12-26 20:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-12-19 20:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-12-18 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\THQ
[2010-12-18 16:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Saints Row 2
[2010-12-18 16:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2010-12-13 18:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2010-12-13 18:02:25 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\The Walking Dead 1-69
[2010-12-10 12:11:50 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Two Worlds II
[2010-12-10 12:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
[2010-12-07 09:45:35 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2010-08-24 11:22:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe48F4.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-01 17:34:36 | 000,339,991 | ---- | M] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-02-01 17:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000UA.job
[2011-02-01 17:15:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 17:15:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 17:12:56 | 000,710,632 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-01 17:12:56 | 000,627,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-01 17:12:56 | 000,141,554 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-01 17:12:56 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-01 17:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-01 17:08:39 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-31 19:45:35 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000Core.job
[2011-01-31 10:34:38 | 000,062,605 | ---- | M] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 21:36:40 | 203,854,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-01-30 19:38:44 | 000,052,232 | ---- | M] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-29 16:09:58 | 008,180,224 | RHS- | M] () -- C:\ProgramData\TunesHelper.exe
[2011-01-29 16:09:58 | 000,311,296 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\Bartek\AppData\Roaming\Readar_sl.exe
[2011-01-27 14:12:22 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:09 | 000,140,282 | ---- | M] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:05 | 000,062,455 | ---- | M] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | M] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:37 | 002,035,229 | ---- | M] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011-01-02 17:10:48 | 000,416,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-12-29 11:15:25 | 000,150,524 | ---- | M] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-26 21:11:03 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-12-19 22:36:58 | 000,001,242 | ---- | M] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-01 17:35:00 | 000,339,991 | ---- | C] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-01-31 10:34:41 | 000,062,605 | ---- | C] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 19:38:47 | 000,052,232 | ---- | C] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-29 16:09:34 | 008,180,224 | RHS- | C] () -- C:\ProgramData\TunesHelper.exe
[2011-01-27 14:12:22 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:12 | 000,140,282 | ---- | C] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:08 | 000,062,455 | ---- | C] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | C] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:18 | 002,035,229 | ---- | C] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-12-29 11:15:25 | 000,150,524 | ---- | C] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-29 09:40:20 | 203,854,088 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-12-26 21:11:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-19 22:36:58 | 000,001,242 | ---- | C] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:16 | 524,288,000 | ---- | C] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | C] () -- C:\treeinfo.wc
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-10-03 19:52:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-10-03 19:52:37 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-09-22 19:09:41 | 000,000,017 | ---- | C] () -- C:\Users\Bartek\AppData\Local\resmon.resmoncfg
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Users\Bartek\AppData\Roaming\PnkBstrK.sys
[2010-08-28 17:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-08-28 17:20:32 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-08-28 17:20:32 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-08-28 17:20:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-08-28 17:20:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-08-28 08:45:56 | 000,003,584 | ---- | C] () -- C:\Users\Bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 12:29:26 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-08-12 12:13:05 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010-08-12 12:13:05 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010-08-12 12:11:10 | 000,022,562 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010-08-12 12:10:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-12 12:10:14 | 000,017,689 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-05-13 12:11:34 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007-04-03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-10-09 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\2K Sports
[2010-08-22 11:34:22 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Audacity
[2010-10-28 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\BESTplayer
[2010-09-03 01:06:11 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Bioshock2
[2010-10-03 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\DAEMON Tools Lite
[2011-01-31 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\foobar2000
[2010-08-12 12:32:43 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Gadu-Gadu 10
[2010-12-07 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2011-01-22 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2010-08-12 12:23:45 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Opera
[2010-10-03 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\PC Suite
[2011-01-13 23:33:09 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2010-12-13 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Samsung
[2010-11-12 10:59:32 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Sports Interactive
[2010-11-28 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Ubisoft
[2011-01-31 19:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\uTorrent
[2010-11-05 19:18:36 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-10-03 19:50:26 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-11-13 11:00:56 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-02-01 17:08:39 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-07 15:34:34 | 000,007,526 | ---- | M] () -- C:\mksbasel.cpp.log
[2011-02-01 17:08:42 | 3488,735,232 | -HS- | M] () -- C:\pagefile.sys
[2010-08-12 12:12:19 | 000,001,855 | ---- | M] () -- C:\RHDSetup.log
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc
[3 C:\*.tmp files -> C:\*.tmp -> ]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >
_____________________________________________________________________________________________________________-


OTL Extras logfile created on: 2011-02-01 17:34:01 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 43,05 Gb Free Space | 44,09% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 129,26 Gb Free Space | 35,12% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1DD0268-4069-4D39-B6D2-E00DB50CA9C4}" = League of Legends
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"Fallout New Vegas_is1" = Fallout New Vegas
"foobar2000" = foobar2000 v1.1
"Football Manager 2011" = Football Manager 2011
"Gadu-Gadu 10" = Gadu-Gadu 10
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"MoorHunt_is1" = MoorHunt 0.6.7.2
"MWSnap 3" = MWSnap 3
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.6
"PunkBusterSvc" = PunkBuster Services
"SkanerOnline" = Skaner on-line mks_vir
"SopCast" = SopCast 3.2.9
"Two Worlds II" = Two Worlds II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"vShare" = vShare Plugin
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-20 15:37:51 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: rundll32.exe_srrstr.dll, wersja:
6.1.7600.16385, sygnatura czasowa: 0x4a5bc637 Nazwa modułu powodującego błąd: VSSAPI.DLL,
wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb24 Kod wyjątku: 0xc0000006 Przesunięcie
błędu: 0x00083103 Identyfikator procesu powodującego błąd: 0x69c Godzina uruchomienia
aplikacji powodującej błąd: 0x01cbb95d68e44377 Ścieżka aplikacji powodującej błąd:
C:\Windows\system32\rundll32.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\VSSAPI.DLL
Identyfikator
raportu: bb225db9-2550-11e0-9a87-90e6ba6c9154

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku C:\Windows\System32\vssapi.dll
z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem,
na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi
na tym komputerze; brak dysku. System Windows zamknął program Proces hosta systemu
Windows (Rundll32) z powodu tego błędu. Program: Proces hosta systemu Windows (Rundll32)
Plik:
C:\Windows\System32\vssapi.dll Wartość błędu jest wyświetlona w sekcji Dodatkowe
dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym
problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal
nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien
sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
-
jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały
dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem
nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki
na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby
uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: C0000185 Typ dysku: 3

Error - 2011-01-23 10:22:28 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-25 08:04:38 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-27 11:09:15 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 06:52:08 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 22:56:26 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

Error - 2011-01-30 16:37:27 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = DCOM | ID = 10005
Description =

Error - 2011-01-31 13:12:25 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 13:48:26 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 14:24:23 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =


< End of report >
_______________________________________________________________________________________________________


info.txt logfile of random's system information tool 1.08 2011-02-01 17:35:11

======Uninstall list======

-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" "1033" "0"
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3DMark Vantage-->"C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Call of Duty Modern Warfare 2-->"F:\Gry\Modern Warfare 2\unins000.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
EVGA Precision 1.9.6-->"C:\Program Files\EVGA Precision\uninstall.exe"
F1 2010-->MsiExec.exe /I{434D0831-A4CC-401A-9E74-621000018401}
Fallout New Vegas-->"F:\Gry\Fallout New Vegas\unins000.exe"
foobar2000 v1.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Football Manager 2011-->"F:\Gry\fm2011\Uninstall_Football Manager 2011\Uninstall Football Manager 2011.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Grand Theft Auto: Episodes from Liberty City-->MsiExec.exe /I{5454083B-1308-4485-BF17-111000028701}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MoorHunt 0.6.7.2-->"C:\Program Files\MoorHunt\unins000.exe"
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 10.62-->MsiExec.exe /X{18E65799-76BD-46EF-9E53-972FE5A40736}
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054}
PunkBuster Services-->C:\Windows\system32\pbsvc_moh.exe -u --language=pl
Rapture3D 2.4.4 Game-->"C:\Program Files\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe
Skaner on-line mks_vir-->C:\Windows\system32\SkanerOnlineUninstall.exe
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab CYRI-->MsiExec.exe /I{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}
Two Worlds II-->F:\Gry\Two Worlds 2\Two Worlds II\Uninstall.exe
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
vShare Plugin-->C:\Program Files\vShare\UNINSTALL.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Distributed Link Tracking Client weszła w stan stopped.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Security Center weszła w stan stopped.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Desktop Window Manager Session Manager weszła w stan stopped.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Diagnostic Policy Service weszła w stan stopped.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Microsoft Software Shadow Copy Provider weszła w stan stopped.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Pakiet błędów , typ 0
Nazwa zdarzenia: PnPRequestAdditionalSoftware
Odpowiedź: Niedostępny
Identyfikator pliku Cab: 0

Sygnatura problemu:
P1: x86
P2: USB\VID_04F3&PID_0230&REV_2458
P3: 6.1.0.0
P4: 0415
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Dołączone pliki:

Te pliki mogą być dostępne tutaj:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_5f34203b36e5ccc07eba6f8ac3ce8ab4d50813c_cab_06b50e80

Symbol analizy:
Ponowne sprawdzanie rozwiązania: 0
Identyfikator raportu: 54c860ee-a600-11df-b0da-db5781c4ec55
Stan raportu: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100812105700.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100812105658.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100812105654.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100812105650.922102-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100812105651.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Bartek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x649b92

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 15056
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026164752.550426-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x649ba1
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: -LAP
Adres źródłowy sieci: 192.168.1.104
Port źródłowy: 59002

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 128

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 15055
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026164737.789581-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x649b92
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: -LAP
Adres źródłowy sieci: 192.168.1.104
Port źródłowy: 59001

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 128

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 15054
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026164737.748579-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x645fd0

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 15053
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026163713.379867-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x645fd0
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: POETRIA
Adres źródłowy sieci: 192.168.1.102
Port źródłowy: 4383

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 15052
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026163703.599308-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------
_____________________________________________________________________________________________________________________


Logfile of random's system information tool 1.08 (written by random/random)
Run by Bartek at 2011-02-01 17:35:06
Microsoft Windows 7 Ultimate
System drive C: has 44 GB (44%) free of 100 GB
Total RAM: 3327 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:35:10, on 2011-02-01
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Gry\LoL gra\lol.launcher.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
F:\Downloads\OTL.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bartek\Desktop\RSIT.exe
C:\Program Files\trend micro\Bartek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TunesHelper] %ALLUSERSPROFILE%\TunesHelper.exe
O4 - HKLM\..\Run: [Readar_sl] %APPDATA%\Readar_sl.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6631 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"TunesHelper"=C:\ProgramData\TunesHelper.exe [2011-01-29 8180224]
"Readar_sl"=C:\Users\Bartek\AppData\Roaming\Readar_sl.exe [2011-01-29 311296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-01-13 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office14\ONENOTEM.EXE [2010-03-29 227712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-01 17:35:06 ----D---- C:\rsit
2011-02-01 17:35:06 ----D---- C:\Program Files\trend micro
2011-01-30 21:36:38 ----A---- C:\Windows\ntbtlog.txt
2011-01-29 16:09:34 ----RASH---- C:\Users\Bartek\AppData\Roaming\Readar_sl.exe
2011-01-29 16:09:34 ----RASH---- C:\ProgramData\TunesHelper.exe
2011-01-27 14:12:46 ----D---- C:\Users\Bartek\AppData\Roaming\Malwarebytes
2011-01-27 14:12:22 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-01-27 14:12:21 ----D---- C:\ProgramData\Malwarebytes
2011-01-27 14:12:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-27 14:12:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-01-27 13:56:03 ----A---- C:\Windows\system32\drivers\pavboot.sys
2011-01-27 13:56:02 ----D---- C:\Program Files\Panda Security
2011-01-22 17:48:13 ----D---- C:\Users\Bartek\AppData\Roaming\LolClient
2011-01-22 17:41:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-22 17:41:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-22 17:41:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-22 17:03:57 ----D---- C:\ProgramData\PMB Files
2011-01-22 17:03:47 ----D---- C:\Program Files\Pando Networks
2011-01-22 16:56:12 ----D---- C:\Program Files\Deluxe Ski Jump 4
2011-01-13 23:33:09 ----D---- C:\Users\Bartek\AppData\Roaming\Rovio
2011-01-12 19:13:45 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaws.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaw.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\java.exe
2011-01-08 17:22:01 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2011-02-01 17:35:10 ----D---- C:\Windows\Prefetch
2011-02-01 17:35:07 ----D---- C:\Windows\Temp
2011-02-01 17:35:06 ----RD---- C:\Program Files
2011-02-01 17:25:32 ----D---- C:\Windows\system32\config
2011-02-01 17:15:21 ----SHD---- C:\System Volume Information
2011-02-01 17:12:56 ----D---- C:\Windows\System32
2011-02-01 17:12:56 ----D---- C:\Windows\inf
2011-02-01 17:12:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-01 17:08:49 ----D---- C:\ProgramData\NVIDIA
2011-01-31 22:06:08 ----D---- C:\Users\Bartek\AppData\Roaming\foobar2000
2011-01-31 19:27:36 ----D---- C:\Users\Bartek\AppData\Roaming\uTorrent
2011-01-30 21:36:49 ----D---- C:\Windows\Minidump
2011-01-30 21:36:40 ----D---- C:\Windows
2011-01-30 13:26:08 ----SHD---- C:\Windows\Installer
2011-01-29 16:13:27 ----D---- C:\Program Files\JDownloader
2011-01-29 16:09:58 ----HD---- C:\ProgramData
2011-01-29 13:26:19 ----D---- C:\Program Files\MoorHunt
2011-01-29 11:15:39 ----D---- C:\Windows\system32\drivers
2011-01-29 11:15:39 ----D---- C:\Windows\security
2011-01-27 13:55:55 ----D---- C:\Windows\Downloaded Program Files
2011-01-22 17:40:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-20 00:43:47 ----D---- C:\Windows\system32\catroot2
2011-01-15 21:51:42 ----D---- C:\Program Files\Common Files
2011-01-14 18:54:49 ----D---- C:\Windows\system32\NDF
2011-01-13 21:10:09 ----D---- C:\Program Files\Steam
2011-01-12 19:16:53 ----D---- C:\Windows\winsxs
2011-01-12 19:14:04 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 19:13:43 ----D---- C:\Windows\system32\catroot
2011-01-12 19:13:18 ----D---- C:\Program Files\Java
2011-01-11 20:36:47 ----D---- C:\Windows\system32\wbem
2011-01-08 17:22:05 ----D---- C:\ProgramData\Adobe
2011-01-08 17:22:01 ----D---- C:\Program Files\Adobe
2011-01-08 17:21:45 ----D---- C:\Users\Bartek\AppData\Roaming\Adobe
2011-01-06 12:41:22 ----D---- C:\Program Files\Comical
2011-01-06 08:37:54 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-12 691696]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-06-09 47616]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 xnacc;Usługa sterownika kontrolera konsoli XBOX 360 dla systemu Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aw6f2n6g;aw6f2n6g; C:\Windows\system32\drivers\aw6f2n6g.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz130;cpuz130; \??\C:\Users\Bartek\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-05-22 2361952]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-10-12 189248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 KiesAllShare;SAMSUNG KiesAllShare Service; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1343400]

-----------------EOF-----------------
[/log]

Tomek01
komentarz
komentarz

Odinstaluj Vshare toolbar.


W OTL, w oknie Custom scan/fixes wklej:
[code]
:OTL
IE - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
O4 - HKLM..\Run: [Readar_sl] C:\Users\Bartek\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()

:Files
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000Core.job

:Commands
[emptytemp][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT

bartek1136
komentarz
komentarz (edytowane)

Hej Tomek,

Nie moglem znalezc logu z usuwania, pojawil sie na poczatku, ale go nie zapisalem tylko wkleilem do postu no i niechcacy zamknalem zakladke i przepadlo... Jesli jest jakies domyslne miejsce gdzie jest zapisywany to daj znac, dorzuce tutaj, ewentuale zapuszcze skrypt z gory jeszcze raz.

Poki co logi ze skanow po odpaleniu twojego skryptu jesli to wystarczy

[log]

info.txt logfile of random's system information tool 1.08 2011-02-01 18:55:32

======Uninstall list======

-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" "1033" "0"
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3DMark Vantage-->"C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Call of Duty Modern Warfare 2-->"F:\Gry\Modern Warfare 2\unins000.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
EVGA Precision 1.9.6-->"C:\Program Files\EVGA Precision\uninstall.exe"
F1 2010-->MsiExec.exe /I{434D0831-A4CC-401A-9E74-621000018401}
Fallout New Vegas-->"F:\Gry\Fallout New Vegas\unins000.exe"
foobar2000 v1.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Football Manager 2011-->"F:\Gry\fm2011\Uninstall_Football Manager 2011\Uninstall Football Manager 2011.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Grand Theft Auto: Episodes from Liberty City-->MsiExec.exe /I{5454083B-1308-4485-BF17-111000028701}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MoorHunt 0.6.7.2-->"C:\Program Files\MoorHunt\unins000.exe"
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 10.62-->MsiExec.exe /X{18E65799-76BD-46EF-9E53-972FE5A40736}
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054}
PunkBuster Services-->C:\Windows\system32\pbsvc_moh.exe -u --language=pl
Rapture3D 2.4.4 Game-->"C:\Program Files\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe
Skaner on-line mks_vir-->C:\Windows\system32\SkanerOnlineUninstall.exe
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab CYRI-->MsiExec.exe /I{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}
Two Worlds II-->F:\Gry\Two Worlds 2\Two Worlds II\Uninstall.exe
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Distributed Link Tracking Client weszła w stan stopped.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Security Center weszła w stan stopped.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Desktop Window Manager Session Manager weszła w stan stopped.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Diagnostic Policy Service weszła w stan stopped.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Usługa Microsoft Software Shadow Copy Provider weszła w stan stopped.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Pakiet błędów , typ 0
Nazwa zdarzenia: PnPRequestAdditionalSoftware
Odpowiedź: Niedostępny
Identyfikator pliku Cab: 0

Sygnatura problemu:
P1: x86
P2: USB\VID_04F3&PID_0230&REV_2458
P3: 6.1.0.0
P4: 0415
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Dołączone pliki:

Te pliki mogą być dostępne tutaj:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_5f34203b36e5ccc07eba6f8ac3ce8ab4d50813c_cab_06b50e80

Symbol analizy:
Ponowne sprawdzanie rozwiązania: 0
Identyfikator raportu: 54c860ee-a600-11df-b0da-db5781c4ec55
Stan raportu: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100812105700.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100812105658.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100812105654.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100812105650.922102-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100812105651.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Bartek-Komputer
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 15143
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026220127.504238-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: BARTEK-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x1e0
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 15142
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026220127.504238-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xce599c

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 15141
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026215028.348529-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xce597a

Typ logowania: 3

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 15140
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026215028.348529-000
Event Type: Sukcesy inspekcji
User:

Computer Name: Bartek-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0xce599c
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej: KOMPUTER
Adres źródłowy sieci: 192.168.1.101
Port źródłowy: 50707

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 128

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 15139
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101026215017.976935-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bartek at 2011-02-01 18:55:24
Microsoft Windows 7 Ultimate
System drive C: has 47 GB (47%) free of 100 GB
Total RAM: 3327 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:29, on 2011-02-01
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Downloads\OTL.exe
C:\Users\Bartek\Desktop\RSIT.exe
C:\Program Files\trend micro\Bartek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6178 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-01-13 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office14\ONENOTEM.EXE [2010-03-29 227712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-01 18:55:24 ----D---- C:\rsit
2011-02-01 17:35:06 ----D---- C:\Program Files\trend micro
2011-01-30 21:36:38 ----A---- C:\Windows\ntbtlog.txt
2011-01-27 14:12:46 ----D---- C:\Users\Bartek\AppData\Roaming\Malwarebytes
2011-01-27 14:12:22 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-01-27 14:12:21 ----D---- C:\ProgramData\Malwarebytes
2011-01-27 14:12:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-27 14:12:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-01-27 13:56:03 ----A---- C:\Windows\system32\drivers\pavboot.sys
2011-01-27 13:56:02 ----D---- C:\Program Files\Panda Security
2011-01-22 17:48:13 ----D---- C:\Users\Bartek\AppData\Roaming\LolClient
2011-01-22 17:41:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-22 17:41:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-22 17:41:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-22 17:03:57 ----D---- C:\ProgramData\PMB Files
2011-01-22 17:03:47 ----D---- C:\Program Files\Pando Networks
2011-01-22 16:56:12 ----D---- C:\Program Files\Deluxe Ski Jump 4
2011-01-13 23:33:09 ----D---- C:\Users\Bartek\AppData\Roaming\Rovio
2011-01-12 19:13:45 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaws.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaw.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\java.exe
2011-01-08 17:22:01 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2011-02-01 18:55:27 ----D---- C:\Windows\Temp
2011-02-01 18:55:00 ----D---- C:\Windows\system32\config
2011-02-01 18:52:09 ----D---- C:\ProgramData\NVIDIA
2011-02-01 18:51:21 ----D---- C:\Windows\Prefetch
2011-02-01 18:51:16 ----D---- C:\Windows\System32
2011-02-01 18:51:16 ----D---- C:\Windows
2011-02-01 18:50:50 ----HD---- C:\ProgramData
2011-02-01 18:50:50 ----D---- C:\Windows\Tasks
2011-02-01 18:49:51 ----SHD---- C:\Windows\Installer
2011-02-01 18:49:50 ----SHD---- C:\System Volume Information
2011-02-01 18:49:29 ----RD---- C:\Program Files
2011-02-01 17:12:56 ----D---- C:\Windows\inf
2011-02-01 17:12:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-31 22:06:08 ----D---- C:\Users\Bartek\AppData\Roaming\foobar2000
2011-01-31 19:27:36 ----D---- C:\Users\Bartek\AppData\Roaming\uTorrent
2011-01-30 21:36:49 ----D---- C:\Windows\Minidump
2011-01-29 16:13:27 ----D---- C:\Program Files\JDownloader
2011-01-29 13:26:19 ----D---- C:\Program Files\MoorHunt
2011-01-29 11:15:39 ----D---- C:\Windows\system32\drivers
2011-01-29 11:15:39 ----D---- C:\Windows\security
2011-01-27 13:55:55 ----D---- C:\Windows\Downloaded Program Files
2011-01-22 17:40:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-20 00:43:47 ----D---- C:\Windows\system32\catroot2
2011-01-15 21:51:42 ----D---- C:\Program Files\Common Files
2011-01-14 18:54:49 ----D---- C:\Windows\system32\NDF
2011-01-13 21:10:09 ----D---- C:\Program Files\Steam
2011-01-12 19:16:53 ----D---- C:\Windows\winsxs
2011-01-12 19:14:04 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 19:13:43 ----D---- C:\Windows\system32\catroot
2011-01-12 19:13:18 ----D---- C:\Program Files\Java
2011-01-11 20:36:47 ----D---- C:\Windows\system32\wbem
2011-01-08 17:22:05 ----D---- C:\ProgramData\Adobe
2011-01-08 17:22:01 ----D---- C:\Program Files\Adobe
2011-01-08 17:21:45 ----D---- C:\Users\Bartek\AppData\Roaming\Adobe
2011-01-06 12:41:22 ----D---- C:\Program Files\Comical
2011-01-06 08:37:54 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-12 691696]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-06-09 47616]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 xnacc;Usługa sterownika kontrolera konsoli XBOX 360 dla systemu Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ajdgw22j;ajdgw22j; C:\Windows\system32\drivers\ajdgw22j.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz130;cpuz130; \??\C:\Users\Bartek\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-05-22 2361952]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-10-12 189248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 KiesAllShare;SAMSUNG KiesAllShare Service; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1343400]

-----------------EOF-----------------

OTL logfile created on: 2011-02-01 18:55:05 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 45,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 130,23 Gb Free Space | 35,39% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2011-01-08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-10-12 08:38:07 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2010-10-12 08:37:27 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-09-23 03:47:04 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2010-09-19 20:22:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2010-08-21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-09 15:20:06 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (KiesAllShare)
SRV - [2010-09-22 20:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-08-16 07:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-12 12:29:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-07-09 12:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009-12-22 06:07:36 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-06-09 05:37:08 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009-05-22 19:03:40 | 002,361,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-05-13 12:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-12-17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-04-03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007-01-31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005-02-11 09:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 09:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 09:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 09:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 09:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Sony Ericsson PC Suite[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-01 18:55:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-01 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-01-30 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\EA Games
[2011-01-30 03:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\searchplugins
[2011-01-27 14:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Malwarebytes
[2011-01-27 14:12:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-01-27 14:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-27 14:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-01-27 14:12:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-01-27 14:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-27 13:56:03 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011-01-27 13:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011-01-22 17:48:13 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2011-01-22 17:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\PMB Files
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-01-22 17:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011-01-22 16:56:28 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\Deluxe Ski Jump 4
[2011-01-22 16:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-22 16:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2011-01-13 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2011-01-12 21:35:47 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2011-01-12 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Cooliris
[2011-01-08 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011-01-06 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\Nowy folder
[2011-01-01 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\SpacialAudio
[2011-01-01 18:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SpacialAudio
[2011-01-01 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\VirtualDJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010-12-29 09:40:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-12-26 21:11:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\skypePM
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Skype
[2010-12-26 20:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-12-19 20:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-12-18 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\THQ
[2010-12-18 16:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Saints Row 2
[2010-12-18 16:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2010-12-13 18:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2010-12-13 18:02:25 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\The Walking Dead 1-69
[2010-12-10 12:11:50 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Two Worlds II
[2010-12-10 12:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
[2010-12-07 09:45:35 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2010-08-24 11:22:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe48F4.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-01 18:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-01 18:52:01 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-01 17:34:36 | 000,339,991 | ---- | M] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-02-01 17:15:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 17:15:52 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 17:12:56 | 000,710,632 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-01 17:12:56 | 000,627,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-01 17:12:56 | 000,141,554 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-01 17:12:56 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-01-31 10:34:38 | 000,062,605 | ---- | M] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 21:36:40 | 203,854,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-01-30 19:38:44 | 000,052,232 | ---- | M] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-27 14:12:22 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:09 | 000,140,282 | ---- | M] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:05 | 000,062,455 | ---- | M] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | M] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:37 | 002,035,229 | ---- | M] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011-01-02 17:10:48 | 000,416,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-12-29 11:15:25 | 000,150,524 | ---- | M] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-26 21:11:03 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-12-19 22:36:58 | 000,001,242 | ---- | M] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-01 17:35:00 | 000,339,991 | ---- | C] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-01-31 10:34:41 | 000,062,605 | ---- | C] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 19:38:47 | 000,052,232 | ---- | C] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-27 14:12:22 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:12 | 000,140,282 | ---- | C] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:08 | 000,062,455 | ---- | C] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | C] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:18 | 002,035,229 | ---- | C] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-12-29 11:15:25 | 000,150,524 | ---- | C] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-29 09:40:20 | 203,854,088 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-12-26 21:11:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-19 22:36:58 | 000,001,242 | ---- | C] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:16 | 524,288,000 | ---- | C] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | C] () -- C:\treeinfo.wc
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-10-03 19:52:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-10-03 19:52:37 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-09-22 19:09:41 | 000,000,017 | ---- | C] () -- C:\Users\Bartek\AppData\Local\resmon.resmoncfg
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Users\Bartek\AppData\Roaming\PnkBstrK.sys
[2010-08-28 17:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-08-28 17:20:32 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-08-28 17:20:32 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-08-28 17:20:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-08-28 17:20:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-08-28 08:45:56 | 000,003,584 | ---- | C] () -- C:\Users\Bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 12:29:26 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-08-12 12:13:05 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010-08-12 12:13:05 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010-08-12 12:11:10 | 000,022,562 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010-08-12 12:10:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-12 12:10:14 | 000,017,689 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-05-13 12:11:34 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007-04-03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-10-09 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\2K Sports
[2010-08-22 11:34:22 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Audacity
[2010-10-28 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\BESTplayer
[2010-09-03 01:06:11 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Bioshock2
[2010-10-03 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\DAEMON Tools Lite
[2011-01-31 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\foobar2000
[2010-08-12 12:32:43 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Gadu-Gadu 10
[2010-12-07 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2011-01-22 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2010-08-12 12:23:45 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Opera
[2010-10-03 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\PC Suite
[2011-01-13 23:33:09 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2010-12-13 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Samsung
[2010-11-12 10:59:32 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Sports Interactive
[2010-11-28 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Ubisoft
[2011-01-31 19:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\uTorrent
[2010-11-05 19:18:36 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-10-03 19:50:26 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-11-13 11:00:56 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-02-01 18:52:01 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-07 15:34:34 | 000,007,526 | ---- | M] () -- C:\mksbasel.cpp.log
[2011-02-01 18:52:03 | 3488,735,232 | -HS- | M] () -- C:\pagefile.sys
[2010-08-12 12:12:19 | 000,001,855 | ---- | M] () -- C:\RHDSetup.log
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

OTL Extras logfile created on: 2011-02-01 18:55:05 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 45,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 130,23 Gb Free Space | 35,39% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1DD0268-4069-4D39-B6D2-E00DB50CA9C4}" = League of Legends
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"Fallout New Vegas_is1" = Fallout New Vegas
"foobar2000" = foobar2000 v1.1
"Football Manager 2011" = Football Manager 2011
"Gadu-Gadu 10" = Gadu-Gadu 10
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"MoorHunt_is1" = MoorHunt 0.6.7.2
"MWSnap 3" = MWSnap 3
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.6
"PunkBusterSvc" = PunkBuster Services
"SkanerOnline" = Skaner on-line mks_vir
"SopCast" = SopCast 3.2.9
"Two Worlds II" = Two Worlds II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-20 15:37:51 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: rundll32.exe_srrstr.dll, wersja:
6.1.7600.16385, sygnatura czasowa: 0x4a5bc637 Nazwa modułu powodującego błąd: VSSAPI.DLL,
wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb24 Kod wyjątku: 0xc0000006 Przesunięcie
błędu: 0x00083103 Identyfikator procesu powodującego błąd: 0x69c Godzina uruchomienia
aplikacji powodującej błąd: 0x01cbb95d68e44377 Ścieżka aplikacji powodującej błąd:
C:\Windows\system32\rundll32.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\VSSAPI.DLL
Identyfikator
raportu: bb225db9-2550-11e0-9a87-90e6ba6c9154

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku C:\Windows\System32\vssapi.dll
z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem,
na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi
na tym komputerze; brak dysku. System Windows zamknął program Proces hosta systemu
Windows (Rundll32) z powodu tego błędu. Program: Proces hosta systemu Windows (Rundll32)
Plik:
C:\Windows\System32\vssapi.dll Wartość błędu jest wyświetlona w sekcji Dodatkowe
dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym
problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal
nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien
sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
-
jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały
dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem
nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki
na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby
uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: C0000185 Typ dysku: 3

Error - 2011-01-23 10:22:28 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-25 08:04:38 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-27 11:09:15 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 06:52:08 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 22:56:26 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

Error - 2011-01-30 16:37:27 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = DCOM | ID = 10005
Description =

Error - 2011-01-31 13:12:25 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 13:48:26 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 14:24:23 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =


< End of report >
[/log]

Tomek01
komentarz
komentarz

Log z usuwania powinien być w C:\OTL
Rozumiem, że qooqle już się nie pojawia, jeśli wszystko wykonałeś poprawnie to tak powinno być.

bartek1136
komentarz
komentarz (edytowane)

Znalazlem log z usuwania

[log]

All processes killed
========== OTL ==========
HKU\S-1-5-21-572806321-2650223820-3250390691-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Readar_sl deleted successfully.
C:\Users\Bartek\AppData\Roaming\Readar_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TunesHelper deleted successfully.
C:\ProgramData\TunesHelper.exe moved successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572806321-2650223820-3250390691-1000Core.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bartek
->Temp folder emptied: 1855313703 bytes
->Temporary Internet Files folder emptied: 22419731 bytes
->Java cache emptied: 1171893 bytes
->Google Chrome cache emptied: 358971198 bytes
->Opera cache emptied: 15087031 bytes
->Flash cache emptied: 181530 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 8031 bytes
%systemroot% .tmp files removed: 1008448 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71891588 bytes
RecycleBin emptied: 1050490663 bytes

Total Files Cleaned = 3 222,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02012011_185050

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]



Chwile wszystko wydawalo się ok, nie bylo qooqle ani w IE ani w chrome, teraz jest znowu...

Zreszta log z usuwania teoretycznie wszystko usunal. Zapuszczam scan OTL i RSIT jeszcze raz, zaraz wkleje

[log]

OTL logfile created on: 2011-02-01 19:58:12 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 45,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 130,23 Gb Free Space | 35,39% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2011-01-08 04:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-10-12 08:38:07 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2010-10-12 08:37:27 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-09-19 20:22:35 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2010-08-21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-07-09 15:20:06 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-01 17:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (KiesAllShare)
SRV - [2010-09-22 20:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-08-16 07:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-07-09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-03-25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-12 12:29:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-07-09 12:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009-12-22 06:07:36 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009-06-09 05:37:08 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009-05-22 19:03:40 | 002,361,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-05-13 12:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-12-17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-04-03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007-01-31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005-02-11 09:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-02-11 09:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 09:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 09:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 09:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Sony Ericsson PC Suite[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-01 18:55:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-01 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-01-30 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\EA Games
[2011-01-30 03:31:22 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\searchplugins
[2011-01-27 14:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Malwarebytes
[2011-01-27 14:12:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-01-27 14:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-01-27 14:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-01-27 14:12:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-01-27 14:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-01-27 13:56:03 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011-01-27 13:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011-01-22 17:48:13 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2011-01-22 17:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\PMB Files
[2011-01-22 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-01-22 17:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011-01-22 16:56:28 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\Deluxe Ski Jump 4
[2011-01-22 16:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-22 16:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2011-01-13 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2011-01-12 21:35:47 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2011-01-12 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Cooliris
[2011-01-08 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011-01-06 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\Nowy folder
[2011-01-01 18:28:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\SpacialAudio
[2011-01-01 18:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\SpacialAudio
[2011-01-01 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Documents\VirtualDJ
[2011-01-01 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010-12-29 09:40:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-12-26 21:11:01 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\skypePM
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010-12-26 20:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-12-26 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\Skype
[2010-12-26 20:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-12-19 20:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-12-18 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\THQ
[2010-12-18 16:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Saints Row 2
[2010-12-18 16:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2010-12-13 18:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2010-12-13 18:02:25 | 000,000,000 | ---D | C] -- C:\Users\Bartek\Desktop\The Walking Dead 1-69
[2010-12-10 12:11:50 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Local\Two Worlds II
[2010-12-10 12:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
[2010-12-07 09:45:35 | 000,000,000 | ---D | C] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2010-08-24 11:22:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe48F4.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-01 19:59:00 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 19:59:00 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-01 19:56:09 | 000,710,632 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-01 19:56:09 | 000,627,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-01 19:56:09 | 000,141,554 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-01 19:56:09 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-01 19:51:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-01 19:51:50 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-01 17:34:36 | 000,339,991 | ---- | M] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-01-31 10:34:38 | 000,062,605 | ---- | M] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 21:36:40 | 203,854,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-01-30 19:38:44 | 000,052,232 | ---- | M] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-27 14:12:22 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:09 | 000,140,282 | ---- | M] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:05 | 000,062,455 | ---- | M] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | M] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:37 | 002,035,229 | ---- | M] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011-01-02 17:10:48 | 000,416,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-12-29 11:15:25 | 000,150,524 | ---- | M] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-26 21:11:03 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-12-19 22:36:58 | 000,001,242 | ---- | M] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-01 17:35:00 | 000,339,991 | ---- | C] () -- C:\Users\Bartek\Desktop\RSIT.exe
[2011-01-31 10:34:41 | 000,062,605 | ---- | C] () -- C:\Users\Bartek\Desktop\179369_10150130955148013_716093012_7846069_7856125_n.jpg
[2011-01-30 19:38:47 | 000,052,232 | ---- | C] () -- C:\Users\Bartek\Desktop\180625_10150375360220051_657330050_17000227_7942799_n.jpg
[2011-01-27 14:12:22 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-01-22 17:41:45 | 000,000,529 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011-01-22 00:22:12 | 000,140,282 | ---- | C] () -- C:\Users\Bartek\Desktop\dubstep.jpg
[2011-01-21 22:00:08 | 000,062,455 | ---- | C] () -- C:\Users\Bartek\Desktop\profile_header.jpg
[2011-01-21 21:04:13 | 000,419,629 | ---- | C] () -- C:\Users\Bartek\Desktop\Bez tytułu.jpg
[2011-01-20 18:28:18 | 002,035,229 | ---- | C] () -- C:\Users\Bartek\Documents\LP 8.1.1.zip
[2011-01-08 17:22:13 | 000,145,576 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-12-29 11:15:25 | 000,150,524 | ---- | C] () -- C:\Users\Bartek\Desktop\3.jpg
[2010-12-29 09:40:20 | 203,854,088 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-12-26 21:11:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-19 22:36:58 | 000,001,242 | ---- | C] () -- C:\Users\Bartek\Desktop\PhotoshopCS5Portable — skrót.lnk
[2010-12-07 09:56:16 | 524,288,000 | ---- | C] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | C] () -- C:\treeinfo.wc
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-12-07 09:45:36 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-10-03 19:52:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-10-03 19:52:37 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-09-22 19:09:41 | 000,000,017 | ---- | C] () -- C:\Users\Bartek\AppData\Local\resmon.resmoncfg
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-08-31 20:40:34 | 000,138,056 | ---- | C] () -- C:\Users\Bartek\AppData\Roaming\PnkBstrK.sys
[2010-08-28 17:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-08-28 17:20:32 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-08-28 17:20:32 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-08-28 17:20:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-08-28 17:20:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-08-28 08:45:56 | 000,003,584 | ---- | C] () -- C:\Users\Bartek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 12:29:26 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-08-12 12:13:05 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010-08-12 12:13:05 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010-08-12 12:11:10 | 000,022,562 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010-08-12 12:10:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-12 12:10:14 | 000,017,689 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-11-06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-05-13 12:11:34 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007-04-03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-10-09 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\2K Sports
[2010-08-22 11:34:22 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Audacity
[2010-10-28 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\BESTplayer
[2010-09-03 01:06:11 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Bioshock2
[2010-10-03 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\DAEMON Tools Lite
[2011-01-31 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\foobar2000
[2010-08-12 12:32:43 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Gadu-Gadu 10
[2010-12-07 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\GHISLER
[2011-01-22 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\LolClient
[2010-08-12 12:23:45 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Opera
[2010-10-03 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\PC Suite
[2011-01-13 23:33:09 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Rovio
[2010-12-13 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Samsung
[2010-11-12 10:59:32 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Sports Interactive
[2010-11-28 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\Ubisoft
[2011-02-01 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Bartek\AppData\Roaming\uTorrent
[2010-11-05 19:18:36 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-10-03 19:50:26 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-11-13 11:00:56 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-02-01 19:51:50 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-07 15:34:34 | 000,007,526 | ---- | M] () -- C:\mksbasel.cpp.log
[2011-02-01 19:51:52 | 3488,735,232 | -HS- | M] () -- C:\pagefile.sys
[2010-08-12 12:12:19 | 000,001,855 | ---- | M] () -- C:\RHDSetup.log
[2010-12-07 09:56:23 | 524,288,000 | ---- | M] () -- C:\sortitoutsi_megapack.7z.001.001
[2010-12-07 09:51:39 | 000,046,531 | -H-- | M] () -- C:\treeinfo.wc


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

OTL Extras logfile created on: 2011-02-01 19:58:12 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 45,63 Gb Free Space | 46,72% Space Free | Partition Type: NTFS
Drive F: | 368,01 Gb Total Space | 130,23 Gb Free Space | 35,39% Space Free | Partition Type: NTFS

Computer Name: BARTEK-KOMPUTER | User Name: Bartek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1DD0268-4069-4D39-B6D2-E00DB50CA9C4}" = League of Legends
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"Fallout New Vegas_is1" = Fallout New Vegas
"foobar2000" = foobar2000 v1.1
"Football Manager 2011" = Football Manager 2011
"Gadu-Gadu 10" = Gadu-Gadu 10
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"MoorHunt_is1" = MoorHunt 0.6.7.2
"MWSnap 3" = MWSnap 3
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Precision" = EVGA Precision 1.9.6
"PunkBusterSvc" = PunkBuster Services
"SkanerOnline" = Skaner on-line mks_vir
"SopCast" = SopCast 3.2.9
"Two Worlds II" = Two Worlds II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-20 15:37:51 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: rundll32.exe_srrstr.dll, wersja:
6.1.7600.16385, sygnatura czasowa: 0x4a5bc637 Nazwa modułu powodującego błąd: VSSAPI.DLL,
wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb24 Kod wyjątku: 0xc0000006 Przesunięcie
błędu: 0x00083103 Identyfikator procesu powodującego błąd: 0x69c Godzina uruchomienia
aplikacji powodującej błąd: 0x01cbb95d68e44377 Ścieżka aplikacji powodującej błąd:
C:\Windows\system32\rundll32.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\VSSAPI.DLL
Identyfikator
raportu: bb225db9-2550-11e0-9a87-90e6ba6c9154

Error - 2011-01-21 07:22:29 | Computer Name = Bartek-Komputer | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku C:\Windows\System32\vssapi.dll
z jednej z następujących przyczyn: problem z połączeniem sieciowym; problem z dyskiem,
na którym jest przechowywany plik; problem ze sterownikami magazynu zainstalowanymi
na tym komputerze; brak dysku. System Windows zamknął program Proces hosta systemu
Windows (Rundll32) z powodu tego błędu. Program: Proces hosta systemu Windows (Rundll32)
Plik:
C:\Windows\System32\vssapi.dll Wartość błędu jest wyświetlona w sekcji Dodatkowe
dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może być przejściowym
problemem, który sam się rozwiąże po ponownym uruchomieniu programu. 2. Jeśli nadal
nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci powinien
sprawdzić, czy nie ma problemu z siecią i czy można skontaktować się z serwerem.
-
jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź, czy cały
dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz polecenie CMD, a następnie kliknij przycisk OK. W wierszu polecenia
wpisz polecenie CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem
nie ustąpi, przywróć plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki
na tym samym dysku. Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy,
skontaktuj się z administratorem komputera lub dostawcą sprzętu komputerowego, aby
uzyskać dalszą pomoc. Dodatkowe dane Wartość błędu: C0000185 Typ dysku: 3

Error - 2011-01-23 10:22:28 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-25 08:04:38 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-27 11:09:15 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 06:52:08 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-29 22:56:26 | Computer Name = Bartek-Komputer | Source = SideBySide | ID = 16842785
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Users\Bartek\AppData\Local\Temp\{ef08c693-9846-4e4c-9001-e973226dd173}\{efb7d050-cad2-11d4-b34d-00105a1c23dd}\nvuninst-ia64.exe".
Nie
można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Użyj
narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

Error - 2011-01-30 16:37:27 | Computer Name = Bartek-Komputer | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:17 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-01-30 16:37:24 | Computer Name = Bartek-Komputer | Source = DCOM | ID = 10005
Description =

Error - 2011-01-31 13:12:25 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 13:48:26 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-01-31 14:24:23 | Computer Name = Bartek-Komputer | Source = bowser | ID = 8003
Description =

Error - 2011-02-01 13:50:50 | Computer Name = Bartek-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.


< End of report >
info.txt logfile of random's system information tool 1.08 2011-02-01 20:00:45

======Uninstall list======

-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" "1033" "0"
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3DMark Vantage-->"C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Call of Duty Modern Warfare 2-->"F:\Gry\Modern Warfare 2\unins000.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
CPUID CPU-Z 1.55-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Dead Space™ 2-->MsiExec.exe /X{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}
Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
EVGA Precision 1.9.6-->"C:\Program Files\EVGA Precision\uninstall.exe"
F1 2010-->MsiExec.exe /I{434D0831-A4CC-401A-9E74-621000018401}
Fallout New Vegas-->"F:\Gry\Fallout New Vegas\unins000.exe"
foobar2000 v1.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Football Manager 2011-->"F:\Gry\fm2011\Uninstall_Football Manager 2011\Uninstall Football Manager 2011.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Grand Theft Auto: Episodes from Liberty City-->MsiExec.exe /I{5454083B-1308-4485-BF17-111000028701}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
K-Lite Codec Pack 6.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MoorHunt 0.6.7.2-->"C:\Program Files\MoorHunt\unins000.exe"
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 10.62-->MsiExec.exe /X{18E65799-76BD-46EF-9E53-972FE5A40736}
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054}
PunkBuster Services-->C:\Windows\system32\pbsvc_moh.exe -u --language=pl
Rapture3D 2.4.4 Game-->"C:\Program Files\BRS\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\SAMSUNG\USB
_________________________________________________________________-
Logfile of random's system information tool 1.08 (written by random/random)
Run by Bartek at 2011-02-01 20:00:38
Microsoft Windows 7 Ultimate
System drive C: has 47 GB (47%) free of 100 GB
Total RAM: 3327 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:44, on 2011-02-01
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Downloads\OTL.exe
C:\Users\Bartek\Desktop\RSIT.exe
C:\Windows\notepad.exe
C:\Program Files\trend micro\Bartek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6326 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\Bartek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-01-13 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bartek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office14\ONENOTEM.EXE [2010-03-29 227712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-01 18:55:24 ----D---- C:\rsit
2011-02-01 17:35:06 ----D---- C:\Program Files\trend micro
2011-01-30 21:36:38 ----A---- C:\Windows\ntbtlog.txt
2011-01-27 14:12:46 ----D---- C:\Users\Bartek\AppData\Roaming\Malwarebytes
2011-01-27 14:12:22 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-01-27 14:12:21 ----D---- C:\ProgramData\Malwarebytes
2011-01-27 14:12:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-27 14:12:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-01-27 13:56:03 ----A---- C:\Windows\system32\drivers\pavboot.sys
2011-01-27 13:56:02 ----D---- C:\Program Files\Panda Security
2011-01-22 17:48:13 ----D---- C:\Users\Bartek\AppData\Roaming\LolClient
2011-01-22 17:41:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-01-22 17:41:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-01-22 17:41:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-01-22 17:03:57 ----D---- C:\ProgramData\PMB Files
2011-01-22 17:03:47 ----D---- C:\Program Files\Pando Networks
2011-01-22 16:56:12 ----D---- C:\Program Files\Deluxe Ski Jump 4
2011-01-13 23:33:09 ----D---- C:\Users\Bartek\AppData\Roaming\Rovio
2011-01-12 19:13:45 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaws.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\javaw.exe
2011-01-12 19:13:21 ----A---- C:\Windows\system32\java.exe
2011-01-08 17:22:01 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2011-02-01 20:00:44 ----D---- C:\Windows\Temp
2011-02-01 19:56:09 ----D---- C:\Windows\System32
2011-02-01 19:56:09 ----D---- C:\Windows\inf
2011-02-01 19:56:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-01 19:54:48 ----D---- C:\Windows\system32\config
2011-02-01 19:51:57 ----D---- C:\ProgramData\NVIDIA
2011-02-01 19:00:58 ----D---- C:\Users\Bartek\AppData\Roaming\uTorrent
2011-02-01 18:58:19 ----D---- C:\Windows\Prefetch
2011-02-01 18:51:16 ----D---- C:\Windows
2011-02-01 18:50:50 ----HD---- C:\ProgramData
2011-02-01 18:50:50 ----D---- C:\Windows\Tasks
2011-02-01 18:49:51 ----SHD---- C:\Windows\Installer
2011-02-01 18:49:50 ----SHD---- C:\System Volume Information
2011-02-01 18:49:29 ----RD---- C:\Program Files
2011-01-31 22:06:08 ----D---- C:\Users\Bartek\AppData\Roaming\foobar2000
2011-01-30 21:36:49 ----D---- C:\Windows\Minidump
2011-01-29 16:13:27 ----D---- C:\Program Files\JDownloader
2011-01-29 13:26:19 ----D---- C:\Program Files\MoorHunt
2011-01-29 11:15:39 ----D---- C:\Windows\system32\drivers
2011-01-29 11:15:39 ----D---- C:\Windows\security
2011-01-27 13:55:55 ----D---- C:\Windows\Downloaded Program Files
2011-01-22 17:40:07 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-20 00:43:47 ----D---- C:\Windows\system32\catroot2
2011-01-15 21:51:42 ----D---- C:\Program Files\Common Files
2011-01-14 18:54:49 ----D---- C:\Windows\system32\NDF
2011-01-13 21:10:09 ----D---- C:\Program Files\Steam
2011-01-12 19:16:53 ----D---- C:\Windows\winsxs
2011-01-12 19:14:04 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 19:13:43 ----D---- C:\Windows\system32\catroot
2011-01-12 19:13:18 ----D---- C:\Program Files\Java
2011-01-11 20:36:47 ----D---- C:\Windows\system32\wbem
2011-01-08 17:22:05 ----D---- C:\ProgramData\Adobe
2011-01-08 17:22:01 ----D---- C:\Program Files\Adobe
2011-01-08 17:21:45 ----D---- C:\Users\Bartek\AppData\Roaming\Adobe
2011-01-06 12:41:22 ----D---- C:\Program Files\Comical
2011-01-06 08:37:54 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-12 691696]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-06-09 47616]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 xnacc;Usługa sterownika kontrolera konsoli XBOX 360 dla systemu Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 465408]
S3 a5inx257;a5inx257; C:\Windows\system32\drivers\a5inx257.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz130;cpuz130; \??\C:\Users\Bartek\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-05-22 2361952]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-10-12 189248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 KiesAllShare;SAMSUNG KiesAllShare Service; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe []
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1343400]

-----------------EOF-----------------

[/log]

Nowy log wykonany po usuwaniu

Tomek01
komentarz
komentarz

Teraz jest czysto i qooqle już nie powinno się pojawić.

bartek1136
komentarz
komentarz

Wygląda ok, dzieki za pomoc!

  • 4 tygodnie później...
lukaszek0991
komentarz
komentarz

http://wklej.to/thvly plik OTL.Txt
http://wklej.to/5tIIG plik Extras.Tht
prosze o pomoc i dokladne dalsze wskazowki bardzo prosze.

Tomek01
komentarz
komentarz

Załóż nowy temat, ten jest zamknięty.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.