
[SOLVED] Problem with qooqlle, how do I remove it?

lukkaz
posted (edited)

Hello, I have a problem with this wretched "qooqlle"; I can't remove it. It shows up instead of "google" as my start page. When I remove it in the search engine settings (Firefox), the problem comes back after restarting the computer.

Log from OTL, only 1 came up for me: [log]OTL logfile created on: 2011-02-04 12:59:28 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LUKKAZ\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 192,79 Gb Free Space | 85,73% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 102,24 Gb Free Space | 43,90% Space Free | Partition Type: NTFS
Drive E: | 8,01 Gb Total Space | 1,52 Gb Free Space | 18,96% Space Free | Partition Type: NTFS

Computer Name: LUKKAZ-NOTEBOOK | User Name: LUKKAZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-04 12:26:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LUKKAZ\Downloads\OTL.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\avgtray.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe
PRC - [2010-12-03 20:58:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\plugin-container.exe
PRC - [2010-11-17 05:40:10 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Gry\Steam\Steam.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\avgwdsvc.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programy\DAEMON Tools Lite\DTLite.exe
PRC - [2007-04-17 12:12:28 | 002,113,536 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\gg.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-04 12:26:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LUKKAZ\Downloads\OTL.exe
MOD - [2010-12-09 13:44:11 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2010-03-24 07:37:04 | 001,289,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009-12-11 08:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009-12-11 08:36:33 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\ggwhook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programy\AVG\AVG10\Firefox\ [2011-01-20 09:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Programy\Mozilla Firefox\components [2011-02-03 12:43:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-02-03 12:43:02 | 000,000,000 | ---D | M]

[2011-02-03 12:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUKKAZ\AppData\Roaming\mozilla\Extensions
[2011-02-03 12:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUKKAZ\AppData\Roaming\mozilla\Firefox\Profiles\y16z37pv.default\extensions
[2011-01-20 09:36:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- D:\PROGRAMY\AVG\AVG10\FIREFOX
[2011-01-19 17:31:05 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2010-12-09 13:44:05 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] D:\Programy\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [ALLUpdate] D:\Programy\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [DAEMON Tools Lite] D:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [Steam] D:\Gry\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Programy\BitSpirit\bsurl.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.113.224.36 217.113.224.35
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-12-06 14:34:15 | 000,000,000 | ---D | M] - D:\AutoMapa.6.6.1.FINAL.PL-cracked -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (D:\Programy\AVG\AVG10\avgchsva.exe /sync) - D:\Programy\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (D:\Programy\AVG\AVG10\avgrsa.exe /sync /restart) - D:\Programy\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-04 12:26:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-02-03 23:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INTERIA.PL
[2011-02-03 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\Webcam
[2011-02-03 23:49:04 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\Hewlett-Packard
[2011-02-03 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2011-02-03 23:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2011-02-03 23:45:46 | 000,000,000 | ---D | C] -- C:\HP
[2011-02-03 12:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011-02-01 13:15:48 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Winamp
[2011-02-01 12:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011-01-31 15:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIcodec
[2011-01-31 15:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theorica Divx ;-) Codecs
[2011-01-31 15:34:31 | 000,311,296 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe
[2011-01-31 15:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-01-31 15:33:05 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011-01-31 15:33:05 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2011-01-31 15:33:05 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011-01-31 15:33:05 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011-01-31 15:33:05 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-01-28 17:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator
[2011-01-28 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\KONAMI
[2011-01-28 11:06:46 | 000,463,360 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2011-01-28 11:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-01-28 10:36:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-01-28 09:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2011-01-27 18:52:06 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers
[2011-01-27 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\DVDVideoSoft
[2011-01-27 18:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011-01-27 18:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011-01-27 18:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011-01-27 11:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011-01-26 19:40:52 | 000,000,000 | R--D | C] -- C:\Users\LUKKAZ\Documents\IVONA Reader Podcasts
[2011-01-26 19:40:52 | 000,000,000 | R--D | C] -- C:\Users\LUKKAZ\Documents\IVONA Reader Documents
[2011-01-26 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Nero
[2011-01-26 19:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011-01-26 19:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011-01-26 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011-01-23 17:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catan GmbH
[2011-01-23 11:46:43 | 000,000,000 | ---D | C] -- C:\swsetup
[2011-01-21 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2011-01-21 18:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\embedded
[2011-01-21 09:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011-01-21 09:54:45 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\2K Games
[2011-01-21 09:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2011-01-19 17:34:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011-01-19 17:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-01-19 17:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-12-22 14:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2010-12-15 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2010-12-09 18:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash-SWF to AVI-GIF
[2010-12-09 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\WinMPG
[2010-12-09 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\dwhelper
[2010-12-06 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\Need for Speed World
[2010-12-06 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Need for Speed World
[2010-12-06 17:02:13 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\Electronic_Arts_Inc
[2010-12-06 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-04 12:28:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-04 12:28:42 | 2413,522,944 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-03 12:43:09 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011-02-03 12:43:04 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-02-01 13:15:54 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011-01-31 15:34:28 | 008,180,224 | RHS- | M] () -- C:\ProgramData\TunesHelper.exe
[2011-01-31 15:34:28 | 000,311,296 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe
[2011-01-31 15:30:13 | 000,000,509 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Programy i funkcje.lnk
[2011-01-28 17:36:35 | 000,000,633 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Easy GIF Animator.lnk
[2011-01-28 13:11:08 | 000,001,230 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\PES 2011.lnk
[2011-01-28 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011-01-27 18:51:49 | 000,000,950 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Free YouTube to MP3 Converter.lnk
[2011-01-27 18:37:26 | 000,000,619 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Audacity.lnk
[2011-01-27 10:47:02 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-01-26 19:22:40 | 000,001,403 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011-01-26 16:28:35 | 000,007,680 | ---- | M] () -- C:\Users\LUKKAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-23 17:11:05 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Catan Online World.lnk
[2011-01-21 18:15:40 | 000,000,828 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Mafia.lnk
[2011-01-21 09:49:33 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010-12-22 14:11:32 | 000,000,740 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\EVEREST Home Edition.lnk
[2010-12-15 17:32:51 | 000,000,672 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\IrfanView.lnk
[2010-12-09 13:44:13 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe
[2010-12-09 13:44:06 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
[2010-12-06 17:01:50 | 000,000,956 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Need For Speed World.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-03 12:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-02-03 12:43:04 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-02-01 13:15:54 | 000,000,641 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011-01-31 15:34:30 | 008,180,224 | RHS- | C] () -- C:\ProgramData\TunesHelper.exe
[2011-01-31 15:33:06 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011-01-31 15:33:06 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-31 15:30:13 | 000,000,509 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Programy i funkcje.lnk
[2011-01-28 17:36:35 | 000,000,633 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Easy GIF Animator.lnk
[2011-01-28 13:11:08 | 000,001,230 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\PES 2011.lnk
[2011-01-27 18:51:49 | 000,000,950 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Free YouTube to MP3 Converter.lnk
[2011-01-27 18:37:26 | 000,000,619 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Audacity.lnk
[2011-01-27 18:37:26 | 000,000,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011-01-26 19:22:40 | 000,001,403 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011-01-23 17:11:05 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Catan Online World.lnk
[2011-01-21 18:15:40 | 000,000,828 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Mafia.lnk
[2011-01-21 09:49:33 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2011-01-19 21:04:16 | 000,000,375 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\mousefix.reg
[2010-12-22 14:11:32 | 000,000,740 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\EVEREST Home Edition.lnk
[2010-12-15 17:32:51 | 000,000,672 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\IrfanView.lnk
[2010-12-09 13:44:06 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2010-12-09 13:44:06 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2010-12-06 17:01:50 | 000,000,956 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Need For Speed World.lnk
[2010-11-11 18:25:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-11-11 18:21:06 | 000,007,680 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-11 14:40:02 | 000,002,432 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\Tempaf2824.html
[2010-11-11 13:45:43 | 000,002,432 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\TempRS1952.html
[2010-11-11 13:45:43 | 000,002,089 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\Tempui1952.html
[2010-11-11 13:34:53 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010-01-27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-02-04 12:19:13 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AIMP
[2010-11-11 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AVG
[2010-11-11 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AVG10
[2010-11-11 14:03:32 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\BitSpirit
[2011-01-21 09:43:01 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\DAEMON Tools Lite
[2011-01-27 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers
[2010-11-11 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Gadu-Gadu
[2010-11-11 14:36:31 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Gadu-Gadu 10
[2010-12-06 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Need for Speed World
[2010-11-11 13:34:55 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\OpenCandy
[2010-11-11 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\OpenFM
[2010-11-11 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Publish Providers
[2010-11-11 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Sony
[2010-12-09 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\WinMPG
[2009-07-14 06:08:49 | 000,023,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-11-11 12:15:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-02-04 12:28:42 | 2413,522,944 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-04 12:28:43 | 3218,034,688 | -HS- | M] () -- C:\pagefile.sys
[2011-02-01 13:05:11 | 000,001,032 | ---- | M] () -- C:\sc_serv.log
[2011-02-01 13:05:11 | 000,000,000 | ---- | M] () -- C:\sc_serv_1.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
[/log] Logs from RSIT: [log]Logfile of random's system information tool 1.08 (written by random/random)
Run by LUKKAZ at 2011-02-04 13:08:38
Microsoft Windows 7 Ultimate
System drive C: has 197 GB (86%) free of 230 GB
Total RAM: 3069 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:48, on 2011-02-04
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
D:\Gry\Steam\Steam.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Programy\DAEMON Tools Lite\DTLite.exe
D:\Programy\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Programy\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Users\LUKKAZ\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\LUKKAZ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] D:\Programy\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TunesHelper] %ALLUSERSPROFILE%\TunesHelper.exe
O4 - HKLM\..\Run: [Readar_sl] %APPDATA%\Readar_sl.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ALLUpdate] "D:\Programy\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Steam] "D:\Gry\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Programy\BitSpirit\bsurl.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Programy\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7651 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programy\Java\bin\jp2ssv.dll [2011-01-19 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=D:\Programy\AVG\AVG10\avgtray.exe [2011-01-07 2747744]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"TunesHelper"=C:\ProgramData\TunesHelper.exe [2011-01-31 8180224]
"Readar_sl"=C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe [2011-01-31 311296]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"ALLUpdate"=D:\Programy\ALLPlayer\ALLUpdate.exe [2010-03-24 1432064]
"Steam"=D:\Gry\Steam\steam.exe [2010-11-17 1242448]
"Gadu-Gadu"=D:\Programy\Gadu-Gadu\gg.exe [2007-04-17 2113536]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-04 13:03:14 ----D---- C:\rsit
2011-02-04 13:03:14 ----D---- C:\Program Files (x86)\trend micro
2011-02-04 12:26:51 ----D---- C:\_OTL
2011-02-03 23:47:04 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-03 23:45:46 ----D---- C:\HP
2011-02-01 13:15:48 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Winamp
2011-02-01 12:35:24 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-01-31 15:34:31 ----RASH---- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe
2011-01-31 15:34:30 ----RASH---- C:\ProgramData\TunesHelper.exe
2011-01-31 15:33:06 ----A---- C:\Windows\avisplitter.ini
2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\yv12vfw.dll
2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\vp7vfw.dll
2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\lagarith.dll
2011-01-28 11:06:46 ----A---- C:\Windows\sttray64.exe
2011-01-28 11:05:11 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-01-28 10:36:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-28 09:43:13 ----D---- C:\ProgramData\KONAMI
2011-01-27 18:52:06 ----D---- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers
2011-01-27 18:51:54 ----D---- C:\Program Files (x86)\DVDVideoSoft
2011-01-27 18:51:45 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2011-01-27 11:57:32 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-01-26 19:23:28 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Nero
2011-01-26 19:22:26 ----D---- C:\ProgramData\Nero
2011-01-26 19:22:25 ----D---- C:\Program Files (x86)\Common Files\Nero
2011-01-23 11:46:43 ----D---- C:\swsetup
2011-01-21 18:14:17 ----D---- C:\Windows\SysWOW64\embedded
2011-01-21 18:14:17 ----A---- C:\Windows\SysWOW64\eax.dll
2011-01-21 09:55:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-01-19 17:34:42 ----D---- C:\Windows\Sun
2011-01-19 17:31:18 ----D---- C:\ProgramData\Sun
2011-01-19 17:31:17 ----D---- C:\Program Files (x86)\Common Files\Java
2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\javaws.exe
2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\javaw.exe
2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\java.exe
2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2011-01-19 17:08:06 ----A---- C:\Windows\SysWOW64\odbc32.dll

======List of files/folders modified in the last 1 months======

2011-02-04 13:08:47 ----D---- C:\Windows\Temp
2011-02-04 13:08:47 ----D---- C:\Windows\Prefetch
2011-02-04 13:03:14 ----RD---- C:\Program Files (x86)
2011-02-04 12:35:01 ----D---- C:\Windows\System32
2011-02-04 12:35:01 ----D---- C:\Windows\inf
2011-02-04 12:28:58 ----D---- C:\Windows\SysWOW64
2011-02-04 12:21:45 ----AD---- C:\ProgramData\TEMP
2011-02-04 12:19:13 ----D---- C:\Users\LUKKAZ\AppData\Roaming\AIMP
2011-02-04 12:16:29 ----D---- C:\Windows\debug
2011-02-03 23:48:25 ----SHD---- C:\System Volume Information
2011-02-03 23:47:51 ----SHD---- C:\Windows\Installer
2011-02-03 13:06:07 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Skype
2011-02-03 12:58:43 ----D---- C:\Users\LUKKAZ\AppData\Roaming\skypePM
2011-02-03 12:43:14 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Mozilla
2011-02-03 12:43:09 ----D---- C:\Windows
2011-02-01 12:35:24 ----D---- C:\Program Files (x86)\Common Files
2011-01-31 15:34:30 ----HD---- C:\ProgramData
2011-01-28 11:36:43 ----RD---- C:\Program Files
2011-01-27 11:57:55 ----D---- C:\Windows\winsxs
2011-01-21 09:54:51 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-01-21 09:43:01 ----D---- C:\Users\LUKKAZ\AppData\Roaming\DAEMON Tools Lite
2011-01-19 17:31:06 ----SD---- C:\Users\LUKKAZ\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys []
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys []
R3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
S3 aa0t0u1k;aa0t0u1k; C:\Windows\SysWOW64\drivers\aa0t0u1k.sys []
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 NETw5s64;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys []
S3 NETw5x64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows XP 64 Bit; C:\Windows\system32\DRIVERS\NETw5x64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\AESTSr64.exe [2009-01-20 88576]
R2 AVGIDSAgent;AVGIDSAgent; D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
R2 avgwd;AVG WatchDog; D:\Programy\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\STacSV64.exe [2009-01-20 290304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
[/log] [log]info.txt logfile of random's system information tool 1.08 2011-02-04 13:08:50

======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AIMP2-->D:\Programy\AIMP2\Uninstall.exe
ALLPlayer V4.X-->"D:\Programy\ALLPlayer\unins000.exe"
Audacity 1.2.6-->"D:\Programy\Audacity\unins000.exe"
AVG PC Tuneup 2011-->"D:\Programy\AVG\AVG PC Tuneup 2011\unins000.exe"
BitSpirit v3.6.0.500 Stable-->"D:\Programy\BitSpirit\unins000.exe"
Call of Duty Modern Warfare 2-->"D:\Gry\Activision\Modern Warfare 2\unins000.exe"
Catan Online World-->D:\Gry\Catan GmbH\Catan Online World 3\uninst.exe
ConvertHelper 2.2-->"D:\Programy\ConvertHelper\unins000.exe"
Counter-Strike-->"D:\Gry\Steam\steam.exe" steam://uninstall/10
Easy GIF Animator 5.1-->"D:\Programy\Easy GIF Animator\unins000.exe"
EVEREST Home Edition v2.20-->"D:\Programy\Lavalys\EVEREST Home Edition\unins000.exe"
Free Audio CD Burner version 1.4.7-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.9.32-->"D:\Programy\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Gadu-Gadu 7.7-->D:\Programy\Gadu-Gadu\Setup.exe
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z
IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
IrfanView (remove only)-->D:\Programy\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
K-Lite Codec Pack 6.9.0 (Full)-->"D:\Programy\K-Lite Codec Pack\unins000.exe"
Mafia II-->"D:\Gry\2K Games\Mafia II\unins000.exe"
Mafia-->"D:\Gry\Kolekcja Klasyki\Mafia\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ Run Time Lib Setup-->MsiExec.exe /X{AAF4238F-7C29-451D-9925-C753271A5728}
Mozilla Firefox (3.6.13)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Need For Speed™ World-->"D:\Gry\Electronic Arts\Need For Speed World\unins000.exe"
Nero 9 Lite-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
SHOUTcast DSP Plug-in v2-->"D:\Programy\Winamp\uninstall_shoutcast-source-dsp-v2.exe"
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SopCast 3.2.9-->D:\Programy\SopCast\uninst.exe
Sp5-->MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}
Sp5Intl-->MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}
Sp5TTInt-->MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124}
SpCommon-->MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5}
SpPhones-->MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
Winamp-->"D:\Programy\Winamp\UninstWA.exe"
WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe"

======Hosts File======

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

======System event log======

Computer Name: LUKKAZ-Notebook
Event Code: 27
Message: Aktualizacje automatyczne zostały wstrzymane.
Record Number: 19254
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20110204112203.134514-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: LUKKAZ-Notebook
Event Code: 7002
Message: Powiadomienie podczas wylogowywania się użytkownika dla Programu poprawy jakości obsługi klienta
Record Number: 19253
Source Name: Microsoft-Windows-Winlogon
Time Written: 20110204112201.527711-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: LUKKAZ-Notebook
Event Code: 1074
Message: Proces C:\Windows\system32\winlogon.exe (LUKKAZ-NOTEBOOK) zainicjował uruchomienie ponowne komputera LUKKAZ-NOTEBOOK w imieniu użytkownika LUKKAZ-Notebook\LUKKAZ z następującej przyczyny: Nie można odnaleźć tytułu dla tej przyczyny
Kod przyczyny: 0x500ff
Typ zamknięcia systemu: uruchomienie ponowne
Komentarz:
Record Number: 19252
Source Name: USER32
Time Written: 20110204112201.000000-000
Event Type: Informacje
User: LUKKAZ-Notebook\LUKKAZ

Computer Name: LUKKAZ-Notebook
Event Code: 1074
Message: Proces Explorer.EXE zainicjował uruchomienie ponowne komputera LUKKAZ-NOTEBOOK w imieniu użytkownika LUKKAZ-Notebook\LUKKAZ z następującej przyczyny: Inne zadania (niezaplanowane)
Kod przyczyny: 0x0
Typ zamknięcia systemu: uruchomienie ponowne
Komentarz:
Record Number: 19251
Source Name: USER32
Time Written: 20110204112149.000000-000
Event Type: Informacje
User: LUKKAZ-Notebook\LUKKAZ

Computer Name: LUKKAZ-Notebook
Event Code: 104
Message: Plik dziennika System został wyczyszczony.
Record Number: 19250
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110204112118.362035-000
Event Type: Informacje
User: LUKKAZ-Notebook\LUKKAZ

=====Application event log=====

Computer Name: LUKKAZ-Notebook
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4244
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110204112315.000000-000
Event Type: Informacje
User:

Computer Name: LUKKAZ-Notebook
Event Code: 1532
Message: Usługa profilów użytkowników została zatrzymana.


Record Number: 4243
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110204112213.243332-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: LUKKAZ-Notebook
Event Code: 1530
Message: System Windows wykrył, że plik rejestru nadal jest używany przez inne aplikacje lub usługi. Plik zostanie teraz zwolniony. Aplikacje lub usługi, które używają pliku rejestru, mogą zacząć działać nieprawidłowo.

SZCZEGÓŁY —
5 user registry handles leaked from \Registry\User\S-1-5-21-3306715282-2080392360-2529713335-1001:
Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001
Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\Root
Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\trust
Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Policies\Microsoft\SystemCertificates

Record Number: 4242
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110204112200.482509-000
Event Type: Ostrzeżenia
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: LUKKAZ-Notebook
Event Code: 6000
Message: Subskrybent powiadomień usługi winlogon <SessionEnv> był niedostępny i nie mógł obsłużyć zdarzenia powiadamiania.
Record Number: 4241
Source Name: Microsoft-Windows-Winlogon
Time Written: 20110204112159.000000-000
Event Type: Informacje
User:

Computer Name: LUKKAZ-Notebook
Event Code: 9009
Message: Menedżer okien pulpitu zakończył działanie; kod (0x40010004).
Record Number: 4240
Source Name: Desktop Window Manager
Time Written: 20110204112159.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: LUKKAZ-Notebook
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 0

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x4
Nazwa procesu:

Informacje o sieci:
Nazwa stacji roboczej: -
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: -
Pakiet uwierzytelniania: -
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 4999
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110204112312.129246-000
Event Type: Sukcesy inspekcji
User:

Computer Name: LUKKAZ-Notebook
Event Code: 4608
Message: Trwa uruchamianie systemu Windows.

To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji.
Record Number: 4998
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110204112312.113646-000
Event Type: Sukcesy inspekcji
User:

Computer Name: LUKKAZ-Notebook
Event Code: 1100
Message: Usługa rejestrowania zdarzeń została zamknięta.
Record Number: 4997
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110204112212.884531-000
Event Type: Sukcesy inspekcji
User:

Computer Name: LUKKAZ-Notebook
Event Code: 4647
Message: Użytkownik zainicjował wylogowanie:

Podmiot:
Identyfikator zabezpieczeń: S-1-5-21-3306715282-2080392360-2529713335-1001
Nazwa konta: LUKKAZ
Domena konta: LUKKAZ-Notebook
Identyfikator logowania: 0x8e42f

To zdarzenie jest generowane, gdy zostanie zainicjowane wylogowanie. Nie mogą wystąpić dalsze działania inicjowane przez użytkownika. To zdarzenie można interpretować jako zdarzenie wylogowania.
Record Number: 4996
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110204112159.764908-000
Event Type: Sukcesy inspekcji
User:

Computer Name: LUKKAZ-Notebook
Event Code: 1102
Message: Dziennik inspekcji został wyczyszczony.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-21-3306715282-2080392360-2529713335-1001
Nazwa konta: LUKKAZ
Nazwa domeny: LUKKAZ-Notebook
Identyfikator logowania: 0x8e42f
Record Number: 4995
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110204112118.159235-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706

-----------------EOF-----------------
[/log]

icam87
comment (edited)

http://www.forumpc.pl/index.php?showtopic=195744

[color="#FF0000"]//Snip
//We do not quote entire posts
//Tom01[/color]

Tomek01
comment

In OTL, paste the following into the Custom scan/fixes window:

[code]:OTL
IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
C:\Users\LUKKAZ\AppData\Local\Temp@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

:OTL
:Commands
[emptytemp]
[/code]
Click Run Fix; the computer will restart.
Post the removal log and a new OTL log.
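An added example, not part of the post above and not OTL's own logic: a Python triage pass over the same OTL-format entries the fix script targets, flagging browser settings that imitate a known brand and autorun entries that start from user-writable folders. The brand list, the confusable-character map and the folder list are assumptions, and the last two sample lines are constructed.

```python
import re
from urllib.parse import urlparse

# First five lines: the entries from the fix script in this thread.
# Last two lines: constructed benign entries for contrast.
SAMPLE = r'''
IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe (Example Corp)
'''.strip().splitlines()

BRANDS = ("google",)                      # assumption: names worth protecting
CONFUSABLE = str.maketrans("q01", "gol")  # assumption: small look-alike map
WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")  # assumption

def skeleton(label):
    """Map confusable characters, then collapse runs of a repeated letter."""
    s = label.lower().translate(CONFUSABLE)
    return re.sub(r"(.)\1+", r"\1", s)

def is_lookalike(value):
    """True if a host label (or bare name) imitates a brand without being it."""
    host = urlparse(value).hostname or value
    return any(lab.lower() != b and skeleton(lab) == skeleton(b)
               for lab in host.split(".") for b in BRANDS)

SETTING = re.compile(r'(Start Page|browser\.startup\.homepage|'
                     r'browser\.search\.selectedEngine)\s*[=:]\s*"?([^"\s]+)')
RUN = re.compile(r'^O4 - \S+\\Run: \[([^\]]+)\] (.+?\.exe)\b', re.I)

def triage(lines):
    """Return (reason, item) pairs for entries that deserve a manual look."""
    hits = []
    for line in lines:
        m = SETTING.search(line)
        if m and is_lookalike(m.group(2)):
            hits.append(("lookalike " + m.group(1), m.group(2)))
        m = RUN.match(line)
        if m and any(d in m.group(2).lower() for d in WRITABLE):
            hits.append(("autorun from user-writable path", m.group(1)))
    return hits

if __name__ == "__main__":
    for reason, item in triage(SAMPLE):
        print(f"{reason}: {item}")
```

A hit is a prompt for review, not a verdict: legitimate software also installs under AppData or ProgramData.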

lukkaz
comment (edited)

Removal log:
[log]All processes killed
========== OTL ==========
HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Readar_sl deleted successfully.
C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TunesHelper deleted successfully.
C:\ProgramData\TunesHelper.exe moved successfully.
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LUKKAZ
->Temp folder emptied: 1470715 bytes
->Temporary Internet Files folder emptied: 260980 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80645897 bytes
->Flash cache emptied: 1343 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02042011_181751

Files\Folders moved on Reboot...
C:\Users\LUKKAZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
[/log]
New log:
[log]Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <%systemdrive%\*.*> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <agp440.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <beep.sys> in the current context!
Error: Unable to interpret <cdrom.sys> in the current context!
Error: Unable to interpret <ndis.sys> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTL by OldTimer - Version 3.2.20.6 log created on 02042011_182317
[/log]

Tomek01
comment

You don't need to anymore, because I assume qooqle no longer shows up. ;)
In OTL, press CleanUp.

lukkaz
comment

Many thanks, Tomek01! I have one more question: what was causing this problem? Some kind of virus?

Tomek01
comment

Yes, it's the recently well-known qooqle, which is plaguing many users because it changes the start page. But it's nothing dangerous ;)

lukkaz
comment

Thanks again. This can be closed.
