lukkaz
Posted February 4, 2011 (edited)

Hello, I have a problem with this wretched "qooqlle" and I can't remove it. It shows up as my start page instead of "google"; when I remove it in the search engine settings (Firefox), the problem comes back after restarting the computer.

Log from OTL, only one was produced for me:

[log]OTL logfile created on: 2011-02-04 12:59:28 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LUKKAZ\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 192,79 Gb Free Space | 85,73% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 102,24 Gb Free Space | 43,90% Space Free | Partition Type: NTFS Drive E: | 8,01 Gb Total Space | 1,52 Gb Free Space | 18,96% Space Free | Partition Type: NTFS Computer Name: LUKKAZ-NOTEBOOK | User Name: LUKKAZ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-04 12:26:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LUKKAZ\Downloads\OTL.exe PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\avgtray.exe PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe PRC - [2010-12-03 20:58:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\plugin-container.exe PRC - [2010-11-17 05:40:10 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Gry\Steam\Steam.exe PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\AVG10\avgwdsvc.exe PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programy\DAEMON Tools Lite\DTLite.exe PRC - [2007-04-17 12:12:28 | 002,113,536 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\gg.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-04 12:26:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LUKKAZ\Downloads\OTL.exe MOD - [2010-12-09 13:44:11 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2010-03-24 07:37:04 | 001,289,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-12-11 08:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-12-11 08:36:33 | 000,096,768 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 02:11:23 | 
000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Programy\Gadu-Gadu\ggwhook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ IE - 
HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programy\AVG\AVG10\Firefox\ [2011-01-20 09:36:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Programy\Mozilla 
Firefox\components [2011-02-03 12:43:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2011-02-03 12:43:02 | 000,000,000 | ---D | M] [2011-02-03 12:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUKKAZ\AppData\Roaming\mozilla\Extensions [2011-02-03 12:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUKKAZ\AppData\Roaming\mozilla\Firefox\Profiles\y16z37pv.default\extensions [2011-01-20 09:36:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- D:\PROGRAMY\AVG\AVG10\FIREFOX [2011-01-19 17:31:05 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMY\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} O1 HOSTS File: ([2010-12-09 13:44:05 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AVG_TRAY] D:\Programy\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com)) O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [ALLUpdate] D:\Programy\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [DAEMON Tools Lite] D:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001..\Run: [Steam] D:\Gry\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Programy\BitSpirit\bsurl.htm () O13 - gopher Prefix: missing O16 - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.113.224.36 217.113.224.35 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-12-06 14:34:15 | 000,000,000 | ---D | M] - D:\AutoMapa.6.6.1.FINAL.PL-cracked -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (D:\Programy\AVG\AVG10\avgchsva.exe /sync) - D:\Programy\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (D:\Programy\AVG\AVG10\avgrsa.exe /sync /restart) - D:\Programy\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: 
File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 
Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-04 12:26:51 | 000,000,000 | ---D | C] -- C:\_OTL [2011-02-03 23:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INTERIA.PL [2011-02-03 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\Webcam [2011-02-03 23:49:04 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\Hewlett-Packard [2011-02-03 23:47:47 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP [2011-02-03 23:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2011-02-03 23:45:46 | 000,000,000 | ---D | C] -- C:\HP [2011-02-03 12:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011-02-01 13:15:48 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Winamp [2011-02-01 12:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2011-01-31 15:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIcodec [2011-01-31 15:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theorica Divx ;-) Codecs [2011-01-31 15:34:31 | 000,311,296 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe [2011-01-31 15:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011-01-31 15:33:05 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm [2011-01-31 15:33:05 | 000,630,784 | ---- | C] 
(On2.com) -- C:\Windows\SysWow64\vp7vfw.dll [2011-01-31 15:33:05 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2011-01-31 15:33:05 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm [2011-01-31 15:33:05 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011-01-28 17:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator [2011-01-28 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\KONAMI [2011-01-28 11:06:46 | 000,463,360 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe [2011-01-28 11:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011-01-28 10:36:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011-01-28 09:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2011-01-27 18:52:06 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers [2011-01-27 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\DVDVideoSoft [2011-01-27 18:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011-01-27 18:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011-01-27 18:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011-01-27 11:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011-01-26 19:40:52 | 000,000,000 | R--D | C] -- C:\Users\LUKKAZ\Documents\IVONA Reader Podcasts [2011-01-26 19:40:52 | 000,000,000 | R--D | C] -- C:\Users\LUKKAZ\Documents\IVONA Reader Documents [2011-01-26 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Nero [2011-01-26 19:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2011-01-26 19:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011-01-26 19:22:25 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\Nero [2011-01-23 17:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catan GmbH [2011-01-23 11:46:43 | 000,000,000 | ---D | C] -- C:\swsetup [2011-01-21 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki [2011-01-21 18:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\embedded [2011-01-21 09:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011-01-21 09:54:45 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\2K Games [2011-01-21 09:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2011-01-19 17:34:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011-01-19 17:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011-01-19 17:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010-12-22 14:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2010-12-15 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2010-12-09 18:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash-SWF to AVI-GIF [2010-12-09 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\WinMPG [2010-12-09 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\dwhelper [2010-12-06 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\Documents\Need for Speed World [2010-12-06 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Roaming\Need for Speed World [2010-12-06 17:02:13 | 000,000,000 | ---D | C] -- C:\Users\LUKKAZ\AppData\Local\Electronic_Arts_Inc [2010-12-06 17:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-04 12:28:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2011-02-04 12:28:42 | 2413,522,944 | -HS- | M] () -- C:\hiberfil.sys [2011-02-03 12:43:09 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-02-03 12:43:04 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-02-01 13:15:54 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2011-01-31 15:34:28 | 008,180,224 | RHS- | M] () -- C:\ProgramData\TunesHelper.exe [2011-01-31 15:34:28 | 000,311,296 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe [2011-01-31 15:30:13 | 000,000,509 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Programy i funkcje.lnk [2011-01-28 17:36:35 | 000,000,633 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Easy GIF Animator.lnk [2011-01-28 13:11:08 | 000,001,230 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\PES 2011.lnk [2011-01-28 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011-01-27 18:51:49 | 000,000,950 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Free YouTube to MP3 Converter.lnk [2011-01-27 18:37:26 | 000,000,619 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Audacity.lnk [2011-01-27 10:47:02 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2011-01-26 19:22:40 | 000,001,403 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011-01-26 16:28:35 | 000,007,680 | ---- | M] () -- C:\Users\LUKKAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-23 17:11:05 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Catan Online World.lnk [2011-01-21 18:15:40 | 000,000,828 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Mafia.lnk [2011-01-21 09:49:33 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2010-12-22 14:11:32 | 000,000,740 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\EVEREST Home Edition.lnk [2010-12-15 17:32:51 | 000,000,672 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\IrfanView.lnk [2010-12-09 13:44:13 | 000,002,048 | ---- | M] () -- 
C:\Windows\SysWow64\winver.exe [2010-12-09 13:44:06 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs [2010-12-06 17:01:50 | 000,000,956 | ---- | M] () -- C:\Users\LUKKAZ\Desktop\Need For Speed World.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-03 12:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-02-03 12:43:04 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-02-01 13:15:54 | 000,000,641 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2011-01-31 15:34:30 | 008,180,224 | RHS- | C] () -- C:\ProgramData\TunesHelper.exe [2011-01-31 15:33:06 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2011-01-31 15:33:06 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-01-31 15:30:13 | 000,000,509 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Programy i funkcje.lnk [2011-01-28 17:36:35 | 000,000,633 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Easy GIF Animator.lnk [2011-01-28 13:11:08 | 000,001,230 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\PES 2011.lnk [2011-01-27 18:51:49 | 000,000,950 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Free YouTube to MP3 Converter.lnk [2011-01-27 18:37:26 | 000,000,619 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Audacity.lnk [2011-01-27 18:37:26 | 000,000,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011-01-26 19:22:40 | 000,001,403 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011-01-23 17:11:05 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Catan Online World.lnk [2011-01-21 18:15:40 | 000,000,828 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Mafia.lnk [2011-01-21 09:49:33 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk [2011-01-19 21:04:16 | 000,000,375 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\mousefix.reg [2010-12-22 14:11:32 | 000,000,740 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\EVEREST Home Edition.lnk [2010-12-15 17:32:51 | 
000,000,672 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\IrfanView.lnk [2010-12-09 13:44:06 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2010-12-09 13:44:06 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe [2010-12-06 17:01:50 | 000,000,956 | ---- | C] () -- C:\Users\LUKKAZ\Desktop\Need For Speed World.lnk [2010-11-11 18:25:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010-11-11 18:21:06 | 000,007,680 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-11 14:40:02 | 000,002,432 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\Tempaf2824.html [2010-11-11 13:45:43 | 000,002,432 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\TempRS1952.html [2010-11-11 13:45:43 | 000,002,089 | ---- | C] () -- C:\Users\LUKKAZ\AppData\Local\Tempui1952.html [2010-11-11 13:34:53 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2010-01-27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2011-02-04 12:19:13 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AIMP [2010-11-11 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AVG [2010-11-11 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\AVG10 [2010-11-11 14:03:32 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\BitSpirit [2011-01-21 09:43:01 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\DAEMON Tools Lite [2011-01-27 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers [2010-11-11 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Gadu-Gadu [2010-11-11 14:36:31 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Gadu-Gadu 10 
[2010-12-06 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Need for Speed World [2010-11-11 13:34:55 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\OpenCandy [2010-11-11 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\OpenFM [2010-11-11 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Publish Providers [2010-11-11 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\Sony [2010-12-09 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\LUKKAZ\AppData\Roaming\WinMPG [2009-07-14 06:08:49 | 000,023,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-11-11 12:15:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-02-04 12:28:42 | 2413,522,944 | -HS- | M] () -- C:\hiberfil.sys [2011-02-04 12:28:43 | 3218,034,688 | -HS- | M] () -- C:\pagefile.sys [2011-02-01 13:05:11 | 000,001,032 | ---- | M] () -- C:\sc_serv.log [2011-02-01 13:05:11 | 000,000,000 | ---- | M] () -- C:\sc_serv_1.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | 
M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > [/log]
Log from RSIT:
[log]Logfile of random's system information tool 1.08 (written by random/random) Run by LUKKAZ at 2011-02-04 13:08:38 Microsoft Windows 7 Ultimate System drive C: has 197 GB (86%) free of 230 GB Total RAM: 3069 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:08:48, on 2011-02-04 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: D:\Gry\Steam\Steam.exe D:\Programy\Gadu-Gadu\gg.exe D:\Programy\DAEMON Tools Lite\DTLite.exe D:\Programy\AVG\AVG10\avgtray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\Programy\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe D:\Programy\Mozilla Firefox\firefox.exe D:\Programy\Mozilla Firefox\plugin-container.exe C:\Users\LUKKAZ\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\LUKKAZ.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.qooqlle.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll O4 - HKLM\..\Run: [AVG_TRAY] D:\Programy\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TunesHelper] %ALLUSERSPROFILE%\TunesHelper.exe O4 - HKLM\..\Run: [Readar_sl] %APPDATA%\Readar_sl.exe O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ALLUpdate] "D:\Programy\ALLPlayer\ALLUpdate.exe" "sleep" O4 - HKCU\..\Run: 
[Steam] "D:\Gry\Steam\steam.exe" -silent O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Programy\BitSpirit\bsurl.htm O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- D:\Programy\AVG\AVG10\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7651 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Programy\Java\bin\jp2ssv.dll [2011-01-19 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"=D:\Programy\AVG\AVG10\avgtray.exe [2011-01-07 2747744] "Adobe Reader 
Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "TunesHelper"=C:\ProgramData\TunesHelper.exe [2011-01-31 8180224] "Readar_sl"=C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe [2011-01-31 311296] "HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072] "ALLUpdate"=D:\Programy\ALLPlayer\ALLUpdate.exe [2010-03-24 1432064] "Steam"=D:\Gry\Steam\steam.exe [2010-11-17 1242448] "Gadu-Gadu"=D:\Programy\Gadu-Gadu\gg.exe [2007-04-17 2113536] "DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-02-04 13:03:14 ----D---- C:\rsit 2011-02-04 13:03:14 ----D---- C:\Program Files (x86)\trend micro 2011-02-04 12:26:51 ----D---- C:\_OTL 2011-02-03 23:47:04 ----D---- C:\Program Files (x86)\Hewlett-Packard 2011-02-03 23:45:46 ----D---- C:\HP 2011-02-01 13:15:48 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Winamp 2011-02-01 12:35:24 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine 2011-01-31 15:34:31 ----RASH---- C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe 2011-01-31 15:34:30 ----RASH---- C:\ProgramData\TunesHelper.exe 2011-01-31 15:33:06 ----A---- C:\Windows\avisplitter.ini 2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\yv12vfw.dll 2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\vp7vfw.dll 2011-01-31 15:33:05 ----A---- C:\Windows\SysWOW64\lagarith.dll 2011-01-28 11:06:46 ----A---- C:\Windows\sttray64.exe 2011-01-28 11:05:11 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2011-01-28 10:36:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2011-01-28 09:43:13 ----D---- C:\ProgramData\KONAMI 2011-01-27 18:52:06 ----D---- C:\Users\LUKKAZ\AppData\Roaming\DVDVideoSoftIEHelpers 2011-01-27 18:51:54 ----D---- C:\Program Files (x86)\DVDVideoSoft 2011-01-27 18:51:45 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2011-01-27 11:57:32 ----D---- C:\Program Files (x86)\MSXML 4.0 2011-01-26 19:23:28 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Nero 2011-01-26 19:22:26 ----D---- C:\ProgramData\Nero 2011-01-26 19:22:25 ----D---- C:\Program Files 
(x86)\Common Files\Nero 2011-01-23 11:46:43 ----D---- C:\swsetup 2011-01-21 18:14:17 ----D---- C:\Windows\SysWOW64\embedded 2011-01-21 18:14:17 ----A---- C:\Windows\SysWOW64\eax.dll 2011-01-21 09:55:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation 2011-01-19 17:34:42 ----D---- C:\Windows\Sun 2011-01-19 17:31:18 ----D---- C:\ProgramData\Sun 2011-01-19 17:31:17 ----D---- C:\Program Files (x86)\Common Files\Java 2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\javaws.exe 2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\javaw.exe 2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\java.exe 2011-01-19 17:31:03 ----A---- C:\Windows\SysWOW64\deployJava1.dll 2011-01-19 17:08:06 ----A---- C:\Windows\SysWOW64\odbc32.dll ======List of files/folders modified in the last 1 months====== 2011-02-04 13:08:47 ----D---- C:\Windows\Temp 2011-02-04 13:08:47 ----D---- C:\Windows\Prefetch 2011-02-04 13:03:14 ----RD---- C:\Program Files (x86) 2011-02-04 12:35:01 ----D---- C:\Windows\System32 2011-02-04 12:35:01 ----D---- C:\Windows\inf 2011-02-04 12:28:58 ----D---- C:\Windows\SysWOW64 2011-02-04 12:21:45 ----AD---- C:\ProgramData\TEMP 2011-02-04 12:19:13 ----D---- C:\Users\LUKKAZ\AppData\Roaming\AIMP 2011-02-04 12:16:29 ----D---- C:\Windows\debug 2011-02-03 23:48:25 ----SHD---- C:\System Volume Information 2011-02-03 23:47:51 ----SHD---- C:\Windows\Installer 2011-02-03 13:06:07 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Skype 2011-02-03 12:58:43 ----D---- C:\Users\LUKKAZ\AppData\Roaming\skypePM 2011-02-03 12:43:14 ----D---- C:\Users\LUKKAZ\AppData\Roaming\Mozilla 2011-02-03 12:43:09 ----D---- C:\Windows 2011-02-01 12:35:24 ----D---- C:\Program Files (x86)\Common Files 2011-01-31 15:34:30 ----HD---- C:\ProgramData 2011-01-28 11:36:43 ----RD---- C:\Program Files 2011-01-27 11:57:55 ----D---- C:\Windows\winsxs 2011-01-21 09:54:51 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2011-01-21 09:43:01 ----D---- C:\Users\LUKKAZ\AppData\Roaming\DAEMON Tools Lite 
2011-01-19 17:31:06 ----SD---- C:\Users\LUKKAZ\AppData\Roaming\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [] R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [] R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [] R3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [] R3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [] R3 netw5v64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [] R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] S3 
aa0t0u1k;aa0t0u1k; C:\Windows\SysWOW64\drivers\aa0t0u1k.sys [] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [] S3 NETw5s64;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [] S3 NETw5x64;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows XP 64 Bit; C:\Windows\system32\DRIVERS\NETw5x64.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\AESTSr64.exe [2009-01-20 88576] R2 AVGIDSAgent;AVGIDSAgent; D:\Programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720] R2 avgwd;AVG WatchDog; D:\Programy\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c213b26bc177b5b9\STacSV64.exe [2009-01-20 290304] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 AppMgmt;@appmgmts.dll,-3250; 
C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log] [log]info.txt logfile of random's system information tool 1.08 2011-02-04 13:08:50 ======Uninstall list====== -->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001} Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D} AIMP2-->D:\Programy\AIMP2\Uninstall.exe ALLPlayer V4.X-->"D:\Programy\ALLPlayer\unins000.exe" Audacity 1.2.6-->"D:\Programy\Audacity\unins000.exe" AVG PC Tuneup 2011-->"D:\Programy\AVG\AVG PC Tuneup 2011\unins000.exe" BitSpirit v3.6.0.500 Stable-->"D:\Programy\BitSpirit\unins000.exe" Call of Duty Modern Warfare 2-->"D:\Gry\Activision\Modern Warfare 2\unins000.exe" Catan Online World-->D:\Gry\Catan GmbH\Catan Online World 3\uninst.exe ConvertHelper 2.2-->"D:\Programy\ConvertHelper\unins000.exe" Counter-Strike-->"D:\Gry\Steam\steam.exe" steam://uninstall/10 Easy GIF Animator 5.1-->"D:\Programy\Easy GIF Animator\unins000.exe" EVEREST Home Edition v2.20-->"D:\Programy\Lavalys\EVEREST Home Edition\unins000.exe" Free Audio CD Burner version 1.4.7-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.9.32-->"D:\Programy\DVDVideoSoft\Free YouTube to MP3 
Converter\unins000.exe" Gadu-Gadu 7.7-->D:\Programy\Gadu-Gadu\Setup.exe HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z IDT Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly IrfanView (remove only)-->D:\Programy\IrfanView\iv_uninstall.exe Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF} K-Lite Codec Pack 6.9.0 (Full)-->"D:\Programy\K-Lite Codec Pack\unins000.exe" Mafia II-->"D:\Gry\2K Games\Mafia II\unins000.exe" Mafia-->"D:\Gry\Kolekcja Klasyki\Mafia\unins000.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ Run Time Lib Setup-->MsiExec.exe /X{AAF4238F-7C29-451D-9925-C753271A5728} Mozilla Firefox (3.6.13)-->D:\Programy\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED} Need For Speed™ World-->"D:\Gry\Electronic Arts\Need For Speed World\unins000.exe" Nero 9 Lite-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe 
REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647" Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF} Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054} Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client SHOUTcast DSP Plug-in v2-->"D:\Programy\Winamp\uninstall_shoutcast-source-dsp-v2.exe" Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8} SopCast 3.2.9-->D:\Programy\SopCast\uninst.exe Sp5-->MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C} Sp5Intl-->MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD} Sp5TTInt-->MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124} SpCommon-->MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5} SpPhones-->MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe" Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} Winamp-->"D:\Programy\Winamp\UninstWA.exe" WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe" ======Hosts File====== 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sls.microsoft.com ======System event log====== Computer Name: LUKKAZ-Notebook Event Code: 27 Message: Aktualizacje automatyczne zostały wstrzymane. 
Record Number: 19254 Source Name: Microsoft-Windows-WindowsUpdateClient Time Written: 20110204112203.134514-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LUKKAZ-Notebook Event Code: 7002 Message: Powiadomienie podczas wylogowywania się użytkownika dla Programu poprawy jakości obsługi klienta Record Number: 19253 Source Name: Microsoft-Windows-Winlogon Time Written: 20110204112201.527711-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LUKKAZ-Notebook Event Code: 1074 Message: Proces C:\Windows\system32\winlogon.exe (LUKKAZ-NOTEBOOK) zainicjował uruchomienie ponowne komputera LUKKAZ-NOTEBOOK w imieniu użytkownika LUKKAZ-Notebook\LUKKAZ z następującej przyczyny: Nie można odnaleźć tytułu dla tej przyczyny Kod przyczyny: 0x500ff Typ zamknięcia systemu: uruchomienie ponowne Komentarz: Record Number: 19252 Source Name: USER32 Time Written: 20110204112201.000000-000 Event Type: Informacje User: LUKKAZ-Notebook\LUKKAZ Computer Name: LUKKAZ-Notebook Event Code: 1074 Message: Proces Explorer.EXE zainicjował uruchomienie ponowne komputera LUKKAZ-NOTEBOOK w imieniu użytkownika LUKKAZ-Notebook\LUKKAZ z następującej przyczyny: Inne zadania (niezaplanowane) Kod przyczyny: 0x0 Typ zamknięcia systemu: uruchomienie ponowne Komentarz: Record Number: 19251 Source Name: USER32 Time Written: 20110204112149.000000-000 Event Type: Informacje User: LUKKAZ-Notebook\LUKKAZ Computer Name: LUKKAZ-Notebook Event Code: 104 Message: Plik dziennika System został wyczyszczony. Record Number: 19250 Source Name: Microsoft-Windows-Eventlog Time Written: 20110204112118.362035-000 Event Type: Informacje User: LUKKAZ-Notebook\LUKKAZ =====Application event log===== Computer Name: LUKKAZ-Notebook Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. 
Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 4244 Source Name: Microsoft-Windows-EventSystem Time Written: 20110204112315.000000-000 Event Type: Informacje User: Computer Name: LUKKAZ-Notebook Event Code: 1532 Message: Usługa profilów użytkowników została zatrzymana. Record Number: 4243 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20110204112213.243332-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: LUKKAZ-Notebook Event Code: 1530 Message: System Windows wykrył, że plik rejestru nadal jest używany przez inne aplikacje lub usługi. Plik zostanie teraz zwolniony. Aplikacje lub usługi, które używają pliku rejestru, mogą zacząć działać nieprawidłowo. SZCZEGÓŁY — 5 user registry handles leaked from \Registry\User\S-1-5-21-3306715282-2080392360-2529713335-1001: Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001 Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\Root Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Microsoft\SystemCertificates\trust Process 756 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306715282-2080392360-2529713335-1001\Software\Policies\Microsoft\SystemCertificates Record Number: 4242 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20110204112200.482509-000 Event Type: 
Ostrzeżenia User: ZARZĄDZANIE NT\SYSTEM Computer Name: LUKKAZ-Notebook Event Code: 6000 Message: Subskrybent powiadomień usługi winlogon <SessionEnv> był niedostępny i nie mógł obsłużyć zdarzenia powiadamiania. Record Number: 4241 Source Name: Microsoft-Windows-Winlogon Time Written: 20110204112159.000000-000 Event Type: Informacje User: Computer Name: LUKKAZ-Notebook Event Code: 9009 Message: Menedżer okien pulpitu zakończył działanie; kod (0x40010004). Record Number: 4240 Source Name: Desktop Window Manager Time Written: 20110204112159.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: LUKKAZ-Notebook Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. 
Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4999 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110204112312.129246-000 Event Type: Sukcesy inspekcji User: Computer Name: LUKKAZ-Notebook Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 4998 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110204112312.113646-000 Event Type: Sukcesy inspekcji User: Computer Name: LUKKAZ-Notebook Event Code: 1100 Message: Usługa rejestrowania zdarzeń została zamknięta. Record Number: 4997 Source Name: Microsoft-Windows-Eventlog Time Written: 20110204112212.884531-000 Event Type: Sukcesy inspekcji User: Computer Name: LUKKAZ-Notebook Event Code: 4647 Message: Użytkownik zainicjował wylogowanie: Podmiot: Identyfikator zabezpieczeń: S-1-5-21-3306715282-2080392360-2529713335-1001 Nazwa konta: LUKKAZ Domena konta: LUKKAZ-Notebook Identyfikator logowania: 0x8e42f To zdarzenie jest generowane, gdy zostanie zainicjowane wylogowanie. Nie mogą wystąpić dalsze działania inicjowane przez użytkownika. To zdarzenie można interpretować jako zdarzenie wylogowania. 
Record Number: 4996 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110204112159.764908-000 Event Type: Sukcesy inspekcji User: Computer Name: LUKKAZ-Notebook Event Code: 1102 Message: Dziennik inspekcji został wyczyszczony. Podmiot: Identyfikator zabezpieczeń: S-1-5-21-3306715282-2080392360-2529713335-1001 Nazwa konta: LUKKAZ Nazwa domeny: LUKKAZ-Notebook Identyfikator logowania: 0x8e42f Record Number: 4995 Source Name: Microsoft-Windows-Eventlog Time Written: 20110204112118.159235-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 -----------------EOF----------------- [/log]
icam87 commented 4 February 2011 (edited) http://www.forumpc.pl/index.php?showtopic=195744 [color="#FF0000"]//Snip //We do not quote entire posts //Tom01[/color]
Tomek01 commented 4 February 2011 In OTL, paste the following into the Custom scan/fixes window: [code]
:OTL
IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
C:\Users\LUKKAZ\AppData\Local\Temp@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
:OTL
:Commands
[emptytemp]
[/code] Click Run Fix; the computer restarts. Post the removal log and a new OTL log.
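Added example (not part of the original thread and not OTL's own code): a small triage script that parses OTL scan lines of the kinds listed in the fix above and flags browser start-page or search-engine values outside an expected list, plus Run entries that start an executable from a user-writable directory or carry no company name. The allow-lists, the two heuristics and the two benign sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Assumptions for this example: values the analyst expects to see.
ALLOWED_HOSTS = {"www.google.com", "www.google.pl"}
ALLOWED_ENGINES = {"Google"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

RUN_RE = re.compile(r"^O4 - (\w+)\.\.\\Run: \[([^\]]+)\] (.+?\.exe)\s*\((.*)\)$", re.I)
FF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "([^"]*)"$')
IE_RE = re.compile(r"^IE - .+,Start Page = (\S+)$")

# Constructed sample: entries from the fix script plus two benign lines (constructed).
SAMPLE = r'''
IE - HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
O4 - HKLM..\Run: [Readar_sl] C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
'''

def triage(log_text):
    """Return (entry, reasons) for every parsed line that needs review."""
    findings = []
    for line in log_text.splitlines():
        line, reasons = line.strip(), []
        if m := RUN_RE.match(line):
            _hive, name, path, company = m.groups()
            entry = f"Run:{name}"
            if any(d in path.lower() for d in USER_WRITABLE):
                reasons.append("autostart from user-writable directory")
            if not company.strip():
                reasons.append("no company name in file metadata")
        elif m := FF_RE.match(line):
            key, val = m.groups()
            entry, host = f"FF:{key}", urlparse(val).hostname
            if key.endswith("selectedEngine") and val not in ALLOWED_ENGINES:
                reasons.append(f"unexpected search engine {val!r}")
            if key.endswith("homepage") and host not in ALLOWED_HOSTS:
                reasons.append(f"unexpected homepage host {host!r}")
        elif m := IE_RE.match(line):
            entry, host = "IE:Start Page", urlparse(m.group(1)).hostname
            if host not in ALLOWED_HOSTS:
                reasons.append(f"unexpected start page host {host!r}")
        if reasons:
            findings.append((entry, reasons))
    return findings
```

Calling `triage(SAMPLE)` returns the five entries targeted by the fix and leaves the two benign lines out; a flagged line is a prompt for manual review, not proof of malware.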
lukkaz commented 4 February 2011 Author (edited) removal log [log]
All processes killed
========== OTL ==========
HKU\S-1-5-21-3306715282-2080392360-2529713335-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Readar_sl deleted successfully.
C:\Users\LUKKAZ\AppData\Roaming\Readar_sl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TunesHelper deleted successfully.
C:\ProgramData\TunesHelper.exe moved successfully.
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LUKKAZ
->Temp folder emptied: 1470715 bytes
->Temporary Internet Files folder emptied: 260980 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80645897 bytes
->Flash cache emptied: 1343 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 79,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02042011_181751
Files\Folders moved on Reboot...
C:\Users\LUKKAZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
[/log] new log [log]
Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <%systemdrive%\*.*> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <agp440.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <beep.sys> in the current context!
Error: Unable to interpret <cdrom.sys> in the current context!
Error: Unable to interpret <ndis.sys> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret </md5stop> in the current context!
OTL by OldTimer - Version 3.2.20.6 log created on 02042011_182317
[/log]
Tomek01 commented 4 February 2011 You no longer need to, because I assume qooqle no longer appears. In OTL, press CleanUp.
lukkaz commented 4 February 2011 Author Many thanks, Tomek01! I have one more question: what was causing this problem? Some kind of virus?
Tomek01 commented 4 February 2011 Yes, it's the recently well-known qooqle; it plagues many users because it changes the start page. But it's nothing dangerous.