t06 created February 7, 2011

Hi! While downloading a "manager" for a certain portal, I picked up a persistent trojan, Win32/Injector.DOT. ESET 4 can't deal with it and I have no idea how to get rid of it :/. I searched the Internet for advice, but I'm rather clueless about these things... I'm attaching the OTL logs. Please help as soon as possible!

[log]OTL logfile created on: 2/7/2011 11:08:22 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Fabian\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free 8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 198.29 Gb Total Space | 29.80 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive D: | 252.37 Gb Total Space | 81.27 Gb Free Space | 32.20% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/02/07 22:49:40 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Downloads\OTL.exe PRC - [2010/12/22 20:08:15 | 000,542,720 | ---- | M] () -- C:\Users\Fabian\Desktop\UDOBot PL v4.0.0\UDOBot PL.exe PRC - [2010/12/16 06:19:28 | 012,984,928 | ---- | M] (GG Network S.A.) 
-- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe PRC - [2010/12/11 08:35:31 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010/12/11 08:35:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/09/28 17:55:30 | 000,147,968 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSvc.exe PRC - [2010/08/04 08:19:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe PRC - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/12/14 08:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe PRC - [2009/10/02 17:39:46 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/02/07 22:49:40 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Downloads\OTL.exe MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010/09/30 17:51:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:[b]64bit:[/b] - [2010/04/07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2009/10/02 17:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009/09/29 16:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/12/08 18:33:46 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/09/30 17:56:12 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/09/30 17:51:26 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010/08/18 20:24:11 | 003,640,648 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010/11/24 16:32:25 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010/04/07 21:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2010/04/07 21:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:[b]64bit:[/b] - [2010/04/07 21:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2010/04/07 21:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2010/04/07 21:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2010/02/24 11:20:40 | 000,191,616 | ---- 
| M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:[b]64bit:[/b] - [2009/12/14 21:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009/11/25 22:32:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2009/10/02 17:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009/09/29 16:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009/08/29 04:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009/08/29 04:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/01 21:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:[b]64bit:[/b] - [2009/06/27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:[b]64bit:[/b] - [2009/04/08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010/02/24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2005/01/04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Web Search..." 
FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.1 FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 08:35:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/11 08:35:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/11/03 10:48:28 | 000,000,000 | ---D | M] [2010/08/05 06:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2011/02/07 19:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\0m025rb2.default\extensions [2011/02/02 17:14:19 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\0m025rb2.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b} [2011/01/26 17:11:25 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\0m025rb2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2011/01/12 19:10:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\0m025rb2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} 
[2010/12/17 22:09:59 | 000,001,583 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\0m025rb2.default\searchplugins\web-search.xml [2010/12/08 19:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010/10/07 20:11:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/10/07 20:18:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010/12/09 10:54:52 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010/07/23 01:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010/07/23 01:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010/07/23 01:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010/07/23 01:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010/07/23 01:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010/07/23 01:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010/11/24 16:44:55 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download 
Manager\iefdm2.dll () O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [TNOD UP] C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe (Tukero[X]Team) O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKCU] Reg Error: Value error. File not found O4 - HKCU..\Run: [StickyPassword] D:\Pobieranie JDownloader\WarezUSA.org_Sticky.Password.v5.0.1.194\i-sp4911\iNViSiBLE\stpass.exe (Lamantine Software a.s.) O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSvc.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:[b]64bit:[/b] - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/02/07 22:54:57 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2011/02/07 21:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Password [2011/02/07 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sticky Password [2011/02/07 21:40:56 | 000,000,000 | --SD | C] -- C:\Users\Fabian\Documents\Sticky Passwords [2011/02/07 20:06:17 | 000,000,000 | ---D | C] -- C:\Users\Fabian\.IBot 2.75 [2011/02/05 18:36:57 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Activision [2011/02/05 18:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2011/02/05 15:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer [2011/02/02 00:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011/02/01 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Red Alert 3 [2011/01/30 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Do_Tool [2011/01/30 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Nowy folder [2011/01/23 14:53:26 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2011/01/23 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2011/01/23 14:53:21 | 
000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\VirtualDJ [2011/01/23 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2011/01/12 21:36:56 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll [2011/01/12 21:36:56 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2011/01/12 21:36:56 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10warp.dll [2011/01/12 21:36:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll [2011/01/12 21:36:56 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll [2011/01/12 21:36:56 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll [2011/01/12 21:36:55 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll [2011/01/12 21:36:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll [2011/01/12 21:36:55 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll [2011/01/12 21:36:55 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll [2011/01/12 21:36:55 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll [2011/01/12 21:36:55 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll [2011/01/12 21:36:54 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll [2011/01/12 21:36:54 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2011/01/12 21:36:54 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll [2011/01/12 21:36:54 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10_1core.dll [2011/01/12 21:36:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\d3d10_1.dll [2011/01/12 21:36:54 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2011/01/12 21:36:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d10_1.dll [2011/01/12 21:36:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2011/01/12 21:36:50 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbc32.dll [2011/01/12 21:36:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbc32.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/02/07 23:12:28 | 000,005,555 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\cglogs.dat [2011/02/07 23:12:28 | 000,005,426 | -H-- | M] () -- C:\Users\Fabian\AppData\Roaming\logs.dat [2011/02/07 22:32:04 | 000,001,048 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/02/07 22:08:35 | 000,000,000 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\chrtmp [2011/02/07 21:41:48 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Sticky Password.lnk [2011/02/07 18:58:58 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/07 18:58:58 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/07 18:51:35 | 000,001,044 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/02/07 18:51:26 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2011/02/07 18:51:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/02/07 18:51:16 | 4141,481,984 | -HS- | M] () -- C:\hiberfil.sys [2011/02/07 00:09:28 | 002,520,313 | ---- | M] () -- C:\Users\Fabian\Documents\IMG_2126 (2).JPG [2011/02/07 00:08:38 | 002,137,622 | ---- | M] () -- C:\Users\Fabian\Documents\IMG_4022.JPG [2011/02/07 00:08:20 | 001,587,905 | ---- | M] 
() -- C:\Users\Fabian\Documents\IMG_4018.JPG [2011/02/06 23:55:45 | 000,479,461 | ---- | M] () -- C:\Users\Fabian\Documents\DSCF2993.jpg [2011/02/06 23:55:27 | 000,334,976 | ---- | M] () -- C:\Users\Fabian\Documents\DSCF3013.jpg [2011/02/06 23:47:55 | 002,287,261 | ---- | M] () -- C:\Users\Fabian\Documents\IMG_3978.JPG [2011/02/06 23:47:44 | 001,509,419 | ---- | M] () -- C:\Users\Fabian\Documents\IMG_4014.JPG [2011/02/05 18:36:35 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk [2011/02/05 18:36:34 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk [2011/02/05 15:21:13 | 000,000,017 | ---- | M] () -- C:\Users\Fabian\AppData\Local\resmon.resmoncfg [2011/02/05 01:03:56 | 271,633,750 | ---- | M] () -- C:\Users\Fabian\Documents\HC movie0001.avi [2011/01/30 00:18:22 | 001,549,696 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011/01/30 00:18:22 | 000,697,912 | ---- | M] () -- C:\windows\SysNative\perfh015.dat [2011/01/30 00:18:22 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2011/01/30 00:18:22 | 000,134,990 | ---- | M] () -- C:\windows\SysNative\perfc015.dat [2011/01/30 00:18:22 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2011/01/24 11:48:19 | 004,961,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2011/01/23 14:53:26 | 000,001,043 | ---- | M] () -- C:\Users\Fabian\Desktop\Virtual DJ Pro.lnk [2011/01/19 12:18:44 | 003,913,545 | ---- | M] () -- C:\Users\Fabian\Desktop\ready to leave.mp3 [2011/01/14 13:12:03 | 000,002,004 | -H-- | M] () -- C:\Users\Fabian\Documents\Default.rdp [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/02/07 22:08:35 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\chrtmp [2011/02/07 21:41:48 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Sticky Password.lnk [2011/02/07 00:08:32 | 002,520,313 | ---- | C] () -- C:\Users\Fabian\Documents\IMG_2126 
(2).JPG [2011/02/07 00:07:32 | 002,137,622 | ---- | C] () -- C:\Users\Fabian\Documents\IMG_4022.JPG [2011/02/07 00:07:24 | 001,587,905 | ---- | C] () -- C:\Users\Fabian\Documents\IMG_4018.JPG [2011/02/06 23:55:24 | 000,479,461 | ---- | C] () -- C:\Users\Fabian\Documents\DSCF2993.jpg [2011/02/06 23:55:09 | 000,334,976 | ---- | C] () -- C:\Users\Fabian\Documents\DSCF3013.jpg [2011/02/06 23:46:34 | 001,509,419 | ---- | C] () -- C:\Users\Fabian\Documents\IMG_4014.JPG [2011/02/06 23:46:33 | 002,287,261 | ---- | C] () -- C:\Users\Fabian\Documents\IMG_3978.JPG [2011/02/05 18:36:35 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk [2011/02/05 18:36:34 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk [2011/02/05 15:21:13 | 000,000,017 | ---- | C] () -- C:\Users\Fabian\AppData\Local\resmon.resmoncfg [2011/02/05 01:02:28 | 271,633,750 | ---- | C] () -- C:\Users\Fabian\Documents\HC movie0001.avi [2011/01/23 14:53:26 | 000,001,043 | ---- | C] () -- C:\Users\Fabian\Desktop\Virtual DJ Pro.lnk [2011/01/19 12:18:39 | 003,913,545 | ---- | C] () -- C:\Users\Fabian\Desktop\ready to leave.mp3 [2011/01/14 12:49:33 | 000,002,004 | -H-- | C] () -- C:\Users\Fabian\Documents\Default.rdp [2010/12/03 20:33:56 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/19 16:16:07 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2010/11/19 16:16:07 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2010/11/19 16:16:04 | 000,134,144 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2010/11/19 16:16:04 | 000,108,032 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2010/09/21 14:07:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/09/05 11:10:20 | 000,790,528 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2010/09/05 11:10:20 | 
000,258,048 | ---- | C] () -- C:\windows\SysWow64\libFLAC.dll [2010/08/23 12:10:33 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat [2010/03/06 03:41:45 | 000,000,658 | ---- | C] () -- C:\windows\HotFixList.ini [2010/03/06 03:21:30 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2010/03/06 03:20:33 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log [2010/03/06 03:19:36 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log [2010/03/06 03:17:16 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2010/03/06 03:16:12 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2010/03/06 03:15:44 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:\windows\SysWow64\AgCPanelFrench.dll [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys [2006/10/08 18:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini [2006/02/08 01:38:40 | 000,005,033 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\logs.dat [2005/07/09 07:18:22 | 000,005,239 | -H-- | C] () -- C:\Users\Fabian\AppData\Roaming\cglogs.dat [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:4EE74317 < End of report > [/log] [log]OTL Extras logfile created on: 2/7/2011 11:08:22 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Fabian\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free 8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 198.29 Gb Total Space | 29.80 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive D: | 252.37 Gb Total Space | 81.27 Gb Free Space | 32.20% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Fabian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit) "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{C02C2C22-2EB1-47C8-B74F-8AB1A62FAE31}" = Windows Live Family Safety "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA8CBD22-FF6A-4BDB-BD74-714401B13F10}" = ESET Smart Security "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "CCleaner" = CCleaner "HyperCam 2 (64 bit)" = HyperCam 2 (64 bit) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language 
Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "TNod" = TNod User & Password Finder "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB) "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20ED5F88-541C-41A2-9B00-AFD347281403}" = Remere's Map Editor "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4 "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = 
Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver 
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer_is1" = ALLPlayer V4.X "Ant Movie Catalog_is1" = Ant Movie Catalog "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "Free Download Manager_is1" = Free Download Manager 3.0 "Gadu-Gadu 10" = Gadu-Gadu 10 "Gieroteka" = Gieroteka "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full) "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla 
Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Sticky Password_is1" = Sticky Password 5.0.1.194 "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions "vShare" = vShare Plugin "WinLiveSuite" = Podstawowe programy Windows Live [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 1/6/2011 4:44:09 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000031dcd Identyfikator procesu powodującego błąd: 0x18c0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbace55601b6ae Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: b548156d-19d5-11e0-9de0-b482fe52b3dc Error - 1/8/2011 6:35:11 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x70c Godzina uruchomienia aplikacji powodującej błąd: 0x01cbaf1b32f9cbbb Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: 8d3a2364-1b77-11e0-8236-b482fe52b3dc Error - 1/14/2011 12:23:25 PM | Computer Name = Laptop | Source = Application Error | 
ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x700 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb3c8865e7867 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: 9c0beac3-1ffa-11e0-8f54-b482fe52b3dc Error - 1/14/2011 2:50:47 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: explorer.exe, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000051c30 Identyfikator procesu powodującego błąd: 0x16c4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb407a37765d9 Ścieżka aplikacji powodującej błąd: C:\windows\explorer.exe Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: 3258f5b2-200f-11e0-8f54-b482fe52b3dc Error - 1/14/2011 4:14:05 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000051c30 Identyfikator procesu powodującego błąd: 0x16d0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb4076273d656 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: d5c57d47-201a-11e0-8f54-b482fe52b3dc Error - 1/15/2011 4:18:42 PM | Computer Name = Laptop | Source = 
Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x708 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb48c801ec4e5 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: a522ad6b-20e4-11e0-9213-b482fe52b3dc Error - 1/17/2011 6:38:55 AM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000031dcd Identyfikator procesu powodującego błąd: 0x734 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb6222ba44540 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: fb5e7f9b-2225-11e0-8b73-b482fe52b3dc Error - 1/17/2011 7:03:48 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x73c Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb6552aca11a2 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: 0a154e5e-228e-11e0-a088-b482fe52b3dc Error - 1/18/2011 10:17:28 AM | Computer Name = Laptop 
| Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: DUI70.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdf25 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000002a2b Identyfikator procesu powodującego błąd: 0x704 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb6d54cd45579 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\system32\DUI70.dll Identyfikator raportu: addc0bb5-230d-11e0-a26c-b482fe52b3dc Error - 1/19/2011 9:15:43 PM | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000051c30 Identyfikator procesu powodującego błąd: 0x730 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbb7ac3a902d70 Ścieżka aplikacji powodującej błąd: C:\windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\windows\SYSTEM32\ntdll.dll Identyfikator raportu: ccda46f1-2432-11e0-98fc-b482fe52b3dc [ System Events ] Error - 11/16/2010 1:59:58 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/16/2010 2:05:08 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. 
Error - 11/16/2010 2:10:18 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:13:12 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:18:22 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:23:32 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:28:42 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:33:52 PM | Computer Name = Laptop | Source = BROWSER | ID = 8009 Description = Error - 11/17/2010 4:33:52 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 11/17/2010 4:39:02 PM | Computer Name = Laptop | Source = NetBT | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.0.101. 
Komputer o adresie IP 192.168.0.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. [ TuneUp Events ] Error - 2/1/2011 2:39:43 PM | Computer Name = Laptop | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > [/log] [color="#FF0000"] //Logs go inside tags //Fixing it //Tom01[/color]
Tomek01 commented February 7, 2011
In OTL, paste the following into the Custom scan/fixes window:
[code]
:OTL
PRC - [2010/09/28 17:55:30 | 000,147,968 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSvc.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
[2010/12/17 22:09:59 | 000,001,583 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\0m025rb2.default\searchplugins\web-search.xml
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4 - HKCU..\Run: [StickyPassword] D:\Pobieranie JDownloader\WarezUSA.org_Sticky.Password.v5.0.1.194\i-sp4911\iNViSiBLE\stpass.exe (Lamantine Software a.s.)
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSvc.exe ()
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:4EE74317

:Files
C:\Users\Fabian\AppData\Roaming\cglogs.dat
C:\Users\Fabian\AppData\Roaming\logs.dat
C:\Users\Fabian\AppData\Roaming\chrtmp
C:\Users\Fabian\AppData\Roaming\wklnhst.dat
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

:Commands
[emptytemp]
[/code]
Click Run Fix; the computer will restart. Post the removal log and new logs: OTL and RSIT.