zuro96, posted 15 March 2011 (edited)

Hello, please check my OTL and RSIT logs. I once had the "Brontok" virus, or whatever it was called. It put a heavy load on the system, but I somehow "turned it off". 2-3 days ago I got on the computer, pressed the magic CTRL+ALT+DEL and, to my surprise, I couldn't start Task Manager. The same thing happened with REGEDIT; I somehow managed to get in once and re-enabled Task Manager and the registry editor in the registry (when I try to start these programs, an error about administrator restrictions pops up; the problem is that I am the administrator...). I cleaned with "Malwarebytes' Anti-Malware" and did something in HiJackThis. Nothing helps; the virus keeps adding new lines to the registry. Please help and advise me on how to get rid of the pest. Oh, and Folder Options also seem to have disappeared, but when I do manage to get to them, an error about being disabled by the admin pops up as well.

OTL

[log]OTL Extras logfile created on: 2011-03-15 16:37:26 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Downloads\zOTL Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 33,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,26 Gb Total Space | 3,46 Gb Free Space | 9,29% Space Free | Partition Type: NTFS Drive E: | 520,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 3,69 Gb Total Space | 2,07 Gb Free Space | 56,18% Space Free | Partition Type: FAT32 Computer Name: BROWAR-OFAN0ZSH | User Name: Zurek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "UacDisableNotify" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] 
"AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe:*:Enabled:ipsec -- (France Telecom SA) "C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:ipsec -- (FlashGet.com) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) 
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe" = C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump) "C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe" = C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump) "F:\pogsmd.pif" = F:\pogsmd.pif:*:Enabled:ipsec -- (Microsoft Corporation) "C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe:*:Enabled:ipsec "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe:*:Enabled:ipsec -- (France Telecom SA) "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation) "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe:*:Enabled:ipsec "C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe:*:Enabled:ipsec -- (France Telecom SA) "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe:*:Enabled:ipsec -- (France Telecom SA) "C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe" = C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:ipsec -- (France Telecom SA) "C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe" = 
C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG) "C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.) "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec -- () "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winofmhb.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winofmhb.exe:*:Enabled:ipsec [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{051E7B99-6D35-4905-BAF3-740893EF657A}" = Total Overdose "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7 "{1B5A737F-ADEC-46DF-9539-B49D0828A175}" = Gothic "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A9C37A6-AD4C-443D-0098-6B0A1865DEE2}" = FIFA 07 "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{BD49141C-188C-4B75-9F46-C2C42F2D1045}" = Nero 7 Essentials "{BEWINTERNET-PL-IEW}.UninstallSuite" = Odinstaluj Orange Free "{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{DE74FC6F-EB3C-4EFC-B5AA-0F0C03DEC23F}" = MANTA "{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4 "{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BSPlayerf" = BS.Player FREE "CABAL Online EU Update - Siena The Queen_is1" = Cabal Online Europe - Siena The Queen "CABAL Online: Episode V_is1" = Cabal Online Europe - Episode V Patcher "CABAL Online: Illusion Castle Patch_is1" = Cabal Online Europe - Illusion Castle "CABAL Online: Porta Inferno Patch_is1" = Cabal Online Europe - Porta Inferno 502 Patch "CABAL Online: Radiant Hall_is1" = Cabal 
Online Europe - Radiant Hall "CardDetectorZTEMF636" = Card Detector for ZTE MF636 "cFosSpeed" = cFosSpeed v4.00 "C-Media Audio" = C-Media 3D Audio "CMPL_is1" = Crazy Machines: Nowe wyzwania "Convert XLS_is1" = Convert XLS "Counter-Strike 1.6" = Counter-Strike 1.6 "CWPL_is1" = Combat Wings "EEEE705096F837B7907659F100C9FE6DA001970F" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "FlashGet" = FlashGet 1.9.6.1073 "FormatFactory" = FormatFactory 2.30 "Foxit Reader" = Foxit Reader "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "Game Booster_is1" = Game Booster "GTAViceCarEditor_is1" = GTAViceCarEditor 1.1.1 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.47 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Minecraft 1.2.0_02" = Minecraft 1.2.0_02 "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Nokia PC Suite" = Nokia PC Suite "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NSS" = NSS (remove only) "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "Totalcmd" = Total Commander (Remove or Repair) "Two Worlds" = Two Worlds "Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = Archiwizator WinRAR "WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec "Works2003Setup" = Microsoft Works 2003-Setup-Start "Xfire" = Xfire (remove only) "xp-AntiSpy" = xp-AntiSpy 3.97-9 "xplorer2p" = xplorer˛ professional 32 bit [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-02-23 12:59:12 | Computer Name = BROWAR-OFAN0ZSH 
| Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2. Error - 2011-02-24 10:41:48 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2. Error - 2011-03-01 14:36:25 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd f1upgradeutility.exe, wersja 1.0.0.14, moduł powodujący błąd msvbvm60.dll, wersja 6.0.97.82, adres błędu 0x00072948. Error - 2011-03-01 14:55:28 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd xplorer2_uc.exe, wersja 1.8.1.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-03-02 02:03:16 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2. Error - 2011-03-05 08:52:53 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2011-03-05 08:54:08 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 1015 Description = Upłynął czas oczekiwania na zakończenie wywołania funkcji gromadzenia danych wydajności, „PerfProc”, w bibliotece „C:\WINDOWS\system32\perfproc.dll”. 
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mogły być bardzo zajęte w momencie wywołania tej procedury. Error - 2011-03-05 08:55:52 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 1015 Description = Upłynął czas oczekiwania na zakończenie wywołania funkcji gromadzenia danych wydajności, „PerfProc”, w bibliotece „C:\WINDOWS\system32\perfproc.dll”. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mogły być bardzo zajęte w momencie wywołania tej procedury. Error - 2011-03-05 15:32:21 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2011-03-06 04:21:03 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. [ System Events ] Error - 2011-03-13 13:13:32 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-03-13 13:13:44 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 2011-03-13 13:13:52 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa cFosSpeed System Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-03-13 13:13:54 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa France Telecom Routing Table Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-03-13 13:14:00 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa Hotspot Shield Monitoring Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-03-13 13:14:02 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034 Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-03-13 13:14:23 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7031 Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2011-03-13 13:54:53 | Computer Name = BROWAR-OFAN0ZSH | Source = NetBT | ID = 4311 Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia sterownika. Error - 2011-03-13 13:54:53 | Computer Name = BROWAR-OFAN0ZSH | Source = NetBT | ID = 4311 Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia sterownika. Error - 2011-03-13 20:45:03 | Computer Name = BROWAR-OFAN0ZSH | Source = DCOM | ID = 10010 Description = Serwer {25E8A7CA-5874-4F85-BC00-35210131C444} nie zarejestrował się w modelu DCOM w wymaganym czasie. 
< End of report > OTL logfile created on: 2011-03-15 16:37:26 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Downloads\zOTL Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 33,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,26 Gb Total Space | 3,46 Gb Free Space | 9,29% Space Free | Partition Type: NTFS Drive E: | 520,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 3,69 Gb Total Space | 2,07 Gb Free Space | 56,18% Space Free | Partition Type: FAT32 Computer Name: BROWAR-OFAN0ZSH | User Name: Zurek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-03-15 14:54:26 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Temp\winppcbn.exe PRC - [2011-03-06 19:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\zOTL\OTL.exe PRC - [2011-03-05 13:51:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2011-03-05 08:09:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011-03-05 08:09:36 | 000,986,072 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-12-16 06:19:28 | 013,054,560 | ---- | M] (GG Network S.A.) 
-- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-11-12 19:08:04 | 000,398,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe PRC - [2010-10-20 11:22:24 | 000,630,272 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2010-10-20 11:20:46 | 000,149,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010-07-22 12:08:30 | 001,982,464 | ---- | M] (Webteh) -- C:\Program Files\Webteh\BSplayer\bsplayer.exe PRC - [2010-05-14 10:32:30 | 001,561,600 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009-10-27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008-10-24 20:04:02 | 000,774,896 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe PRC - [2008-10-24 19:48:54 | 000,323,584 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Systray\SystrayApp.exe PRC - [2008-10-24 19:46:54 | 001,003,520 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Phonetools\TextMessaging.exe PRC - [2008-10-24 19:37:18 | 001,429,504 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Deskboard\Deskboard.exe PRC - [2008-10-24 19:28:42 | 000,917,504 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe PRC - [2008-10-24 19:27:18 | 000,491,520 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\corecom\CoreCom.exe PRC - [2008-10-24 19:24:14 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe PRC - [2008-10-24 19:21:24 | 000,163,840 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe PRC - 
[2008-10-14 11:07:14 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe PRC - [2007-09-25 09:10:50 | 002,076,720 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe PRC - [2007-06-27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe PRC - [2007-06-27 18:03:40 | 000,226,600 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007-06-19 10:20:00 | 000,310,488 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe PRC - [2006-10-26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE PRC - [2006-05-03 17:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-01-02 15:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2004-08-22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe PRC - [2004-08-11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 00:44:30 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2004-08-04 00:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 00:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - 
[2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-03-06 19:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\zOTL\OTL.exe MOD - [2008-12-09 11:13:02 | 000,035,328 | ---- | M] (BST) -- C:\Program Files\Webteh\BSplayer\mmkeybsupp.dll MOD - [2007-05-18 17:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 00:44:16 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2004-08-04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 00:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - 
[2004-08-04 00:44:12 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 00:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 00:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 00:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 00:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 00:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2004-08-04 00:44:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2004-08-04 00:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 00:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 00:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\crypt32.dll MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 00:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 00:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 00:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 00:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2010-10-20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2010-06-16 21:33:44 | 000,322,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Disabled | Stopped] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC) SRV - [2007-06-19 10:20:00 | 000,310,488 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5) DRV - [2010-06-16 21:33:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv) DRV - [2010-06-16 21:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-03-25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext) DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- 
(ZTEusbnmea) DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-10-14 08:10:30 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-06-16 09:13:46 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2007-06-19 10:20:06 | 000,684,248 | R--- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed) DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-602162358-57989841-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.6 FF - prefs.js..extensions.enabledItems: {32c1ae0f-a1ed-4128-b922-7e83a47d79b7}:3.0 FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-11-27 14:14:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-08 16:24:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:52:22 | 000,000,000 | ---D | M] [2010-08-13 17:23:55 | 000,000,000 | ---D | M] (No 
name found) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Extensions [2011-03-14 20:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions [2010-11-15 18:22:59 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7} [2011-03-03 19:34:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-03-03 19:34:06 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2011-03-03 19:28:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-03-03 19:34:06 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-08-18 11:28:07 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\smarterwiki@wikiatic.com [2010-10-20 16:26:32 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\tabscope@xuldev.org [2011-03-10 18:45:24 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\toolbar@ask.com [2011-03-14 19:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-03-05 13:52:31 | 000,000,000 | 
---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010-11-15 17:41:50 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2011-03-05 13:51:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-11-27 14:14:40 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2011-03-05 13:51:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011-03-10 17:56:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010-10-20 16:26:09 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-20 16:26:09 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-20 16:26:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-20 16:26:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-20 16:26:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-10-20 16:26:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-03-14 15:48:41 | 000,000,602 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) 
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BEWINTERNET-PL-IEWSessionManager] C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-602162358-57989841-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-602162358-57989841-1801674531-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\JC_ALL.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O15 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-27 11:38:42 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-11-27 14:54:54 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-04-15 13:00:00 | 000,000,301 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell - "" = AutoRun
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\AutoRun\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\configure\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\install\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\AutoplAY\command - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\AutoRun\command - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\EXplORe\cOMMAnd - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\OPeN\CoMmand - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "HssWd"
MsConfig - Services: "FTRTSVC"
MsConfig - StartUpReg: [b]Cmaudio[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ctfmon.exe[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Gadu-Gadu 10[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Nowe Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Nowe Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
MsConfig - StartUpReg: [b]PC Suite Tray[/b] - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: [b]PcSync[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Tok-Cirrhatus[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-03-15 16:30:41 | 000,000,000 | ---D | C] -- C:\rsit [2011-03-14 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-03-14 19:12:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2011-03-13 17:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software [2011-03-13 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Malwarebytes [2011-03-13 09:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware [2011-03-13 09:42:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011-03-13 09:42:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011-03-13 09:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2011-03-13 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-03-12 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Reality Pump [2011-03-12 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Reality Pump [2011-03-12 19:17:59 | 000,000,000 | R--D | C] -- C:\Bartek [2011-03-12 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2011-03-12 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2011-03-12 16:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2011-03-12 15:58:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011-03-12 15:28:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2011-03-12 15:12:39 | 000,000,000 | -H-D | C] -- 
C:\WINDOWS\$NtServicePackUninstall$ [2011-03-10 20:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Ahead [2011-03-10 20:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero 7 Essentials [2011-03-10 20:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Ahead [2011-03-10 20:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead [2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero [2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead [2011-03-10 18:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2011-03-10 18:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2011-03-10 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\ARCANIX INSTALKA [2011-03-10 18:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit [2011-03-10 17:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Foxit Reader [2011-03-10 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011-03-10 17:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2011-03-10 17:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2011-03-10 17:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\ARCAVIR [2011-03-10 17:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\MS Office 2007 Enterprise PL [2011-03-09 20:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client [2011-03-09 20:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu 
Start\Programy\TeamSpeak 3 Client [2011-03-09 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2011-03-05 19:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\CABAL MUZYKA [2011-03-05 13:57:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2011-03-05 13:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2011-03-05 13:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011-03-05 13:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee [2011-03-03 19:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\dwhelper [2011-03-02 20:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011-03-02 20:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo [2011-03-02 20:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\Downloads [2011-03-01 19:56:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Zurek\Pulpit\NOKIA [2011-03-01 19:37:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Zurek\Pulpit\GRY [2011-02-28 19:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Google [2011-02-26 13:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\cabal [2011-02-20 17:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia855 [2011-02-19 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia86 [2011-02-19 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia [2011-02-19 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibia [2011-02-19 15:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia [2011-02-19 15:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Asprate [2011-02-19 15:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate [2011-02-17 17:46:21 
| 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft [2011-02-17 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft [2011-02-13 17:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GTAViceCarEditor [2011-02-13 17:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\GTAViceCarEditor [2011-02-13 13:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\VICE CITY SONG [2011-01-26 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Menu Start\Programy\Virtual DJ [2011-01-26 16:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ [2011-01-26 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\VirtualDJ [2011-01-20 17:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\hanldling [2011-01-19 20:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\Combat Wings savegames [2011-01-19 19:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\City Interactive [2011-01-19 19:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive [2011-01-14 19:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\GTA Vice City User Files [2011-01-14 18:59:09 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2011-01-14 18:59:09 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2011-01-14 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools [2010-11-03 11:33:35 | 000,773,120 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\Zurek\Dane aplikacji\MinecraftSP.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-03-15 14:50:59 
| 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job [2011-03-15 14:50:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-03-15 11:26:27 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-03-14 21:13:35 | 000,002,791 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\HiJackThis.lnk [2011-03-14 21:10:10 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\Zurek\ntuser.pol [2011-03-14 19:15:20 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\FIX.reg [2011-03-14 19:08:43 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\mmm.reg [2011-03-14 15:15:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-03-14 15:12:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2011-03-13 11:46:04 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011-03-13 09:42:45 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2011-03-12 20:59:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011-03-12 20:25:33 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Zurek\default.pls [2011-03-12 19:23:39 | 000,451,352 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-03-12 19:23:38 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-03-12 19:23:38 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-03-12 19:23:38 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-03-12 15:44:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-03-12 15:20:39 | 000,250,624 | RHS- | M] () -- C:\ntldr [2011-03-12 15:20:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011-03-11 16:07:09 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-03-10 20:18:03 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk [2011-03-10 20:18:03 | 000,002,317 | ---- | M] () -- C:\Documents 
and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk [2011-03-10 20:18:03 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk [2011-03-10 20:00:50 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx [2011-03-10 17:57:18 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk [2011-03-09 20:43:04 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk [2011-03-04 22:08:05 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-03 17:11:22 | 005,324,832 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Eazy-E - Real Muthaphukkin Gs.mp3 [2011-03-02 22:31:41 | 000,013,814 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\bmw.jpeg [2011-03-02 20:13:33 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Finish Downloading Brothersoft Download Manager.lnk [2011-03-01 19:26:15 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\backup.reg [2011-03-01 19:13:31 | 000,000,028 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\END.exe [2011-02-26 19:24:04 | 000,256,460 | ---- | M] () -- C:\Documents and Settings\Zurek\Moje dokumenty\nfsw051.jpg [2011-02-19 16:38:02 | 000,343,828 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak [2011-02-17 17:46:24 | 000,167,423 | ---- | M] () -- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe [2011-02-17 17:46:24 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Minecraft.lnk [2011-02-17 16:45:05 | 002,833,986 | ---- | M] () -- C:\Documents and Settings\Zurek\Moje dokumenty\javaw 2011-02-17 16-40-33-72.bmp [2011-02-16 18:41:26 | 000,051,170 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Afryka_mapaaaaaaaaaaaaaaaaaaaaaaaaaa.gif [2011-02-15 18:10:18 | 000,000,068 | ---- 
| M] () -- C:\WINDOWS\SW_Win3112X32.DLL [2011-02-15 18:08:06 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\XLSCX.INI [2011-02-04 10:22:03 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Xfire (2).lnk [2011-01-20 17:24:24 | 000,045,715 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\2011-01-16_www_ModBase_PL_GTA_VC_Save_100_.rar [2011-01-19 00:28:27 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816.JPG.sha [2011-01-19 00:26:58 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816hhh.sha [2011-01-19 00:25:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816kkkk.sha [2011-01-15 19:48:56 | 000,201,828 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\GTAVCsf6.b [2011-01-15 17:22:01 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Skrót do daemon.lnk [2011-01-14 18:59:07 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-03-14 21:13:35 | 000,002,791 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\HiJackThis.lnk [2011-03-14 19:15:20 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\FIX.reg [2011-03-14 19:13:58 | 000,000,448 | RHS- | C] () -- C:\Documents and Settings\Zurek\ntuser.pol [2011-03-14 19:08:43 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\mmm.reg [2011-03-13 11:43:54 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011-03-13 09:42:45 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2011-03-12 15:36:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax [2011-03-12 15:36:36 | 000,053,248 | 
---- | C] () -- C:\WINDOWS\System32\vbicodec.ax [2011-03-12 15:36:35 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax [2011-03-12 15:36:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2011-03-12 15:36:26 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2011-03-12 15:36:24 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2011-03-12 15:36:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2011-03-11 11:44:45 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Zurek\default.pls [2011-03-10 20:43:24 | 024,894,816 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\gg10.exe [2011-03-10 20:18:03 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk [2011-03-10 20:18:03 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk [2011-03-10 20:18:03 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk [2011-03-10 17:57:18 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk [2011-03-09 20:43:04 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk [2011-03-03 17:05:56 | 005,324,832 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Eazy-E - Real Muthaphukkin Gs.mp3 [2011-03-02 22:31:41 | 000,013,814 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\bmw.jpeg [2011-03-02 20:13:33 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Finish Downloading Brothersoft Download Manager.lnk [2011-03-01 19:26:15 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\backup.reg [2011-03-01 19:13:30 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\END.exe [2011-02-26 19:23:10 | 000,256,460 | ---- | C] () -- C:\Documents and Settings\Zurek\Moje 
dokumenty\nfsw051.jpg [2011-02-19 16:38:02 | 000,343,828 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak [2011-02-17 17:46:23 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Minecraft.lnk [2011-02-17 17:46:02 | 000,167,423 | ---- | C] () -- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe [2011-02-17 16:41:22 | 002,833,986 | ---- | C] () -- C:\Documents and Settings\Zurek\Moje dokumenty\javaw 2011-02-17 16-40-33-72.bmp [2011-02-16 18:41:26 | 000,051,170 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Afryka_mapaaaaaaaaaaaaaaaaaaaaaaaaaa.gif [2011-02-04 10:22:03 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Xfire (2).lnk [2011-01-20 17:26:45 | 000,201,828 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\GTAVCsf6.b [2011-01-20 17:26:35 | 000,045,715 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\2011-01-16_www_ModBase_PL_GTA_VC_Save_100_.rar [2011-01-19 19:41:51 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax [2011-01-19 19:41:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011-01-19 19:41:49 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax [2011-01-19 19:41:49 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax [2011-01-19 19:41:42 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax [2011-01-19 00:28:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816.JPG.sha [2011-01-19 00:26:58 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816hhh.sha [2011-01-19 00:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816kkkk.sha [2011-01-15 17:22:01 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Skrót do daemon.lnk [2011-01-14 19:18:11 | 692,432,896 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Vice_City_Play.iso [2011-01-14 19:05:28 | 702,814,208 | ---- 
| C] () -- C:\Documents and Settings\Zurek\Pulpit\GTA_Vice_City.iso [2011-01-14 18:59:07 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk [2011-01-04 17:40:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010-11-27 13:18:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2010-11-27 13:16:55 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2010-11-14 12:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat [2010-11-01 20:01:24 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2010-10-31 19:56:02 | 000,023,660 | ---- | C] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\JunkAtx18.bin [2010-10-31 19:18:03 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys [2010-09-18 13:09:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010-09-10 14:19:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2010-09-01 17:50:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI [2010-09-01 17:50:24 | 000,000,068 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL [2010-09-01 17:50:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini [2010-09-01 17:49:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll [2010-09-01 17:49:59 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll [2010-09-01 17:49:59 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll [2010-09-01 17:49:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe [2010-08-22 12:03:53 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-18 14:04:05 | 000,000,409 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-08-13 18:41:19 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010-08-13 17:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-08-13 
17:18:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-08-13 17:17:26 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-13 16:41:44 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2010-08-13 16:41:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2010-08-13 16:41:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2010-08-13 16:41:42 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2010-08-13 16:41:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2010-08-13 16:41:37 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2010-08-13 16:41:37 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe [2010-08-13 16:41:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2010-08-13 16:40:23 | 000,002,299 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-08-13 16:40:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010-08-13 16:36:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-08-13 16:29:56 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-07-09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-08-01 09:25:25 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll [2006-04-28 21:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2004-08-22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001-10-26 17:15:16 | 000,451,352 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 17:15:16 | 000,075,486 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 14:00:00 | 
000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-17 22:30:24 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-17 22:30:22 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-21 23:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2011-02-23 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia [2011-03-11 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-09-17 16:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-11-27 17:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-11-18 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2011-03-10 18:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2010-11-28 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-09-17 18:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-11-27 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2011-03-13 20:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft [2010-08-29 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane 
aplikacji\BSplayer [2010-08-22 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\BSplayer Pro [2010-09-01 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Docx2Rtf [2011-03-10 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit [2011-03-13 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software [2010-08-18 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu [2011-02-28 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu 10 [2010-11-01 19:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gearbox Software [2011-03-02 20:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo [2010-09-04 09:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\GHISLER [2010-12-16 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Nokia [2010-09-16 17:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Nowe Gadu-Gadu [2010-09-01 17:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\NwDocx [2010-09-17 18:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\OpenFM [2010-12-16 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\PC Suite [2011-02-25 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia [2011-03-09 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client [2011-03-15 14:50:59 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] 
[2010-11-27 11:38:42 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT [2011-03-14 15:12:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-12-05 13:02:15 | 000,157,220 | ---- | M] () -- C:\Cabal(Ver1333-101205-1201-0000).jpg [2010-08-13 16:33:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-08-13 16:33:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006-10-03 12:40:06 | 000,403,140 | ---- | M] () -- C:\Mp3Playermp3.SIS [2010-08-13 16:33:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-03-12 15:20:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011-03-12 15:20:39 | 000,250,624 | RHS- | M] () -- C:\ntldr [2011-03-15 14:50:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys [3 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:agp440.sys [2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys [2001-08-17 20:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2001-08-17 20:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2001-08-17 22:51:54 | 000,086,656 | 
---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [2001-08-17 22:52:28 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [2001-10-26 18:29:30 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=F5E8D86A0C880E4CD96B03FC9F66ABF7 -- 
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2001-08-18 07:24:32 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe [2001-10-26 18:30:06 | 000,432,640 | ---- | M] (Microsoft Corporation) MD5=306530C12F412868E2E85431250E68A1 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 8 bytes -> C:\WINDOWS: < End of report > [/log] RSIT [log]info.txt logfile of random's system information tool 1.08 2011-03-15 16:32:03 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} ATI - Software Uninstall Utility-->C:\Program Files\ATI 
Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe" Cabal Online Europe - Episode V Patcher-->"C:\Games-Masters.com\CABAL Online (Europe)\unins005.exe" Cabal Online Europe - Illusion Castle-->"C:\Games-Masters.com\CABAL Online (Europe)\unins002.exe" Cabal Online Europe - Porta Inferno 502 Patch-->"C:\Games-Masters.com\CABAL Online (Europe)\unins004.exe" Cabal Online Europe - Radiant Hall-->"C:\Games-Masters.com\CABAL Online (Europe)\unins003.exe" Cabal Online Europe - Siena The Queen-->"C:\Games-Masters.com\CABAL Online (Europe)\unins001.exe" Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u cFosSpeed v4.00-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe Combat Wings-->"C:\Program Files\City Interactive\Combat Wings\unins000.exe" Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe" Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe Crazy Machines: Nowe wyzwania-->"C:\Program Files\City Interactive\Crazy Machines - Nowe wyzwania\unins000.exe" DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} FIFA 07-->C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe FormatFactory 2.30-->C:\Program Files\FreeTime\FormatFactory\uninst.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe" Gothic-->C:\Program Files\InstallShield Installation 
Information\{1B5A737F-ADEC-46DF-9539-B49D0828A175}\setup.exe -runfromtemp -l0x0015 -removeonly Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9 GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly GTAViceCarEditor 1.1.1-->"C:\Program Files\GTAViceCarEditor\unins000.exe" HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotspot Shield 1.47-->C:\Program Files\Hotspot Shield\Uninstall.exe Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MANTA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE74FC6F-EB3C-4EFC-B5AA-0F0C03DEC23F}\setup.exe" -l0x9 -removeonly Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe" Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common 
Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850415-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Works 2003-Setup-Start-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\ Microsoft Works 7.0 -->MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772} Microsoft Works Suite-Add-Ins für Microsoft 
Word-->MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB} Minecraft 1.2.0_02-->C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe Mozilla Firefox (3.6.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe Nero 7 Essentials-->MsiExec.exe /X{BD49141C-188C-4B75-9F46-C2C42F2D1045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_pol_web.exe Nokia PC Suite-->MsiExec.exe /I{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E} Nokia Software Updater-->MsiExec.exe /X{4D568C38-0552-4CDD-A643-01FAFA2957EF} Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe NSS (remove only)-->C:\Program Files\NSS\uninstall.exe Odinstaluj Orange Free-->C:\Program Files\OrangeBS\BEWInternet-PL-IEW\installation\core\Installgui.exe -u Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_D745A35E775153D4241BCAFD53B508006B129D5F\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_303CF1FED5DA0A0063DA86B4F733C34AA8C8B2C1\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe 
/I{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
Tibia-->"C:\Program Files\Tibia855\unins000.exe"
Tony Hawks Pro Skater 4-->MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Overdose-->MsiExec.exe /X{051E7B99-6D35-4905-BAF3-740893EF657A}
Two Worlds-->C:\Program Files\Reality Pump\Two Worlds\Uninstall.exe
Virtual DJ Home - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Video 9 Advanced Profile Codec-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
xp-AntiSpy 3.97-9-->C:\Program Files\xp-AntiSpy\Uninstall.exe
xplorer˛ professional 32 bit-->"C:\Program Files\zabkat\xplorer2\Uninstall.exe"
YouTube Downloader 2.5.7-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======System event log======

Computer Name: BROWAR-OFAN0ZSH
Event Code: 64
Message: Błąd składniowy w pliku manifestu lub w pliku zasad "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" w wierszu 12. Manifest główny lub aplikacji zawiera element noInherit, ale zależny manifest montażowy nie zawiera elementu noInheritable. Manifesty aplikacji zawierające element noInherit mogą tylko zależeć od zestawów noInheritable.
Record Number: 43442
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 59
Message: Generate Activation Context nie powiodło się dla C:\Program Files\Microsoft Office\Office12\msohevi.dll. Odpowiedni komunikat o błędzie: Operacja ukończona pomyślnie. .
Record Number: 43441
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 59
Message: Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni komunikat o błędzie: Plik demonstracyjny zawiera jeden lub więcej błędów składniowych. .
Record Number: 43440
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 33
Message: Nie można uruchomić aplikacji z powodu nieprawidłowego manifestu.
Record Number: 43439
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 58
Message: Błąd składniowy w pliku manifestu lub w pliku zasad "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" w wierszu 12.
Record Number: 43438
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

=====Application event log=====

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2001
Message: Pomyślnie uruchomiono usługę EAPOL
Record Number: 400
Source Name: EAPOL
Time Written: 20101120122934.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2002
Message: Pomyślnie zatrzymano usługę EAPOL
Record Number: 399
Source Name: EAPOL
Time Written: 20101120122931.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2003
Message: Usługa EAPOL jest uruchomiona
Record Number: 398
Source Name: EAPOL
Time Written: 20101120122931.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 105
Message: The service was started.
Record Number: 397
Source Name: ATI Smart
Time Written: 20101120122833.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2001
Message: Pomyślnie uruchomiono usługę EAPOL
Record Number: 396
Source Name: EAPOL
Time Written: 20101120122819.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Zurek at 2011-03-15 16:31:20
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 4 GB (9%) free of 38 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:58, on 2011-03-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Downloads\zRSIT\RSIT.exe
C:\Program Files\trend micro\Zurek.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-PL-IEWSessionManager] "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{C6A51BC3-E358-43CA-9016-02A890718BA2}: NameServer = 217.116.100.65 79.163.127.70 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - 
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7069 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Game_Booster_Startup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-05 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-05 79648] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-06-16 230448] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-09-25 2076720] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-10-14 274432] "BEWINTERNET-PL-IEWSessionManager"=C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe [2008-10-24 205552] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 226864] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1561600] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 226600] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe [2010-12-16 13054560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe [2006-10-27 108840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe [2008-08-14 9929312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1561600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus] C:\Program Files\Gadu-Gadu 10\gg.exe [2010-12-16 13054560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "HssWd"=2 "FTRTSVC"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\syste [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableCMD"=0 "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 "DisableTaskMgr"=0 "DisableRegistryTools"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFolderOptions"=1 "NoInstrumentation"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe"="C:\Program 
Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe:*:Enabled:ipsec" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:ipsec" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds" "C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds" "F:\pogsmd.pif"="F:\pogsmd.pif:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe:*:Enabled:ipsec" "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe:*:Enabled:ipsec" "C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec" "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe:*:Enabled:ipsec" "C:\Program 
Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe:*:Enabled:ipsec" "C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe"="C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec" "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" 
======List of files/folders created in the last 1 months====== 2011-03-15 16:30:41 ----D---- C:\rsit 2011-03-14 21:13:34 ----D---- C:\Program Files\Trend Micro 2011-03-14 19:12:54 ----HD---- C:\WINDOWS\system32\GroupPolicy 2011-03-13 17:14:43 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software 2011-03-13 11:43:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2011-03-13 09:42:53 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Malwarebytes 2011-03-13 09:42:41 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2011-03-13 09:42:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2011-03-13 09:42:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2011-03-13 09:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-03-12 20:56:03 ----D---- C:\Program Files\Reality Pump 2011-03-12 19:17:59 ----RD---- C:\Bartek 2011-03-12 16:32:15 ----A---- C:\WINDOWS\system32\msonpmon.dll 2011-03-12 16:28:29 ----D---- C:\Program Files\MSBuild 2011-03-12 16:26:46 ----D---- C:\Program Files\Microsoft Visual Studio 2011-03-12 16:15:18 ----D---- C:\Program Files\Microsoft Visual Studio 8 2011-03-12 15:58:07 ----D---- C:\WINDOWS\Prefetch 2011-03-12 15:38:06 ----A---- C:\WINDOWS\system32\wmpns.dll 2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\spiisupd.exe 2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\drivers\irbus.sys 2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\comsdupd.exe 2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\asr_pfu.exe 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2011-03-12 15:36:28 ----N---- 
C:\WINDOWS\system32\drivers\ati1raxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\amdk7.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll 2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys 2011-03-12 15:36:27 ----N---- 
C:\WINDOWS\system32\drivers\atinpdxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys 2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hidir.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\fltmgr.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthport.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys 2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\mssmbios.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\ip6fw.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\intelppm.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\http.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys 2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys 2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys 2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys 2011-03-12 15:36:23 ----N---- 
C:\WINDOWS\system32\drivers\slnthal.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\siint5.dll 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sffp_sd.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sffdisk.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sdbus.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\recagent.sys 2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usbehci.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\tunmp.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\smbali.sys 2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\cmsetacl.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\btpanui.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bthserv.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bthci.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\blastcln.exe 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bitsprx3.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bitsprx2.dll 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\auditusr.exe 2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2011-03-12 15:36:20 ----N---- C:\WINDOWS\system32\dsprpres.dll 2011-03-12 15:36:19 ----N---- C:\WINDOWS\system32\extmgr.dll 2011-03-12 15:36:19 ----N---- C:\WINDOWS\system32\encdec.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\ieencode.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\httpapi.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\hccoin.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fwcfg.dll 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fsquirt.exe 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fltmc.exe 2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fltlib.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\mp43dmod.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdukx.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdsmsno.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdno1.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmlt48.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmlt47.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmaori.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinmal.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinben.dll 
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinbe1.dll 2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdfi1.dll 2011-03-12 15:36:14 ----N---- C:\WINDOWS\system32\msdadiag.dll 2011-03-12 15:36:14 ----N---- C:\WINDOWS\system32\mp4sdmod.dll 2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\mssap.dll 2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\msftedit.dll 2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\xpob2res.dll 2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\p2pgasvc.dll 2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\p2p.dll 2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\powercfg.exe 2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\pnrpnsp.dll 2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2psvc.dll 2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2pnetsh.dll 2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2pgraph.dll 2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\sbeio.dll 2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\sbe.dll 2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\s3gnb.dll 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\xpsp1res.dll 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\smbinst.exe 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slserv.exe 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slrundll.exe 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slgen.dll 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slextspk.dll 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slcoinst.dll 2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\sdhcinst.dll 2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\xpsp2res.dll 2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\w3ssl.dll 2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\twext.dll 2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\strmfilt.dll 2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\wmerror.dll 2011-03-12 15:36:05 
----N---- C:\WINDOWS\system32\winshfhc.dll 2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\winhttp.dll 2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\winbrand.dll 2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wscntfy.exe 2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmpdxm.dll 2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmpasf.dll 2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmp.dll 2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wuauclt1.exe 2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wuapi.dll 2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wshbth.dll 2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wscsvc.dll 2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wups.dll 2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wucltui.dll 2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wuaueng1.dll 2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\xmlprovi.dll 2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\xmlprov.dll 2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\wuweb.dll 2011-03-12 15:35:59 ----N---- C:\WINDOWS\slrundll.exe 2011-03-12 15:28:42 ----D---- C:\WINDOWS\ServicePackFiles 2011-03-12 15:17:58 ----A---- C:\WINDOWS\002344_.tmp 2011-03-12 15:12:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2011-03-10 20:16:49 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Ahead 2011-03-10 20:13:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2011-03-10 20:03:56 ----D---- C:\Program Files\Nero 2011-03-10 20:03:56 ----D---- C:\Program Files\Common Files\Ahead 2011-03-10 20:03:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2011-03-10 18:12:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software 2011-03-10 18:12:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2011-03-10 18:01:14 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit 2011-03-10 17:57:00 ----D---- C:\Program Files\Ask.com 2011-03-10 17:56:35 ----D---- C:\Program 
Files\Foxit Software 2011-03-10 17:56:03 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2011-03-09 20:44:28 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client 2011-03-09 20:42:48 ----D---- C:\Program Files\TeamSpeak 3 Client 2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\ptpusd.dll 2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\ptpusb.dll 2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys 2011-03-05 13:57:53 ----D---- C:\WINDOWS\Sun 2011-03-05 13:53:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\javaws.exe 2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\javaw.exe 2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\java.exe 2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\deployJava1.dll 2011-03-05 13:50:42 ----D---- C:\Program Files\Java 2011-03-05 13:49:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\McAfee 2011-03-02 20:23:52 ----HD---- C:\WINDOWS\PIF 2011-03-02 20:13:07 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo 2011-02-20 17:16:39 ----D---- C:\Program Files\Tibia855 2011-02-19 17:39:16 ----D---- C:\Program Files\Tibia86 2011-02-19 17:04:36 ----A---- C:\temp9212.tmp 2011-02-19 17:03:37 ----A---- C:\temp5281.tmp 2011-02-19 17:02:27 ----A---- C:\temp9712.tmp 2011-02-19 16:38:02 ----A---- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak 2011-02-19 16:23:44 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia 2011-02-19 15:32:28 ----D---- C:\Program Files\Tibia 2011-02-19 15:13:11 ----D---- C:\Program Files\Asprate 2011-02-17 17:46:02 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft 2011-02-17 17:46:02 ----A---- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe ======List of files/folders modified in the last 1 months====== 2011-03-15 16:31:19 ----D---- C:\Program Files\FlashGet 2011-03-15 16:30:13 ----D---- C:\Downloads 2011-03-15 
16:23:33 ----D---- C:\Program Files\cFosSpeed 2011-03-15 16:22:31 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt 2011-03-15 16:17:54 ----D---- C:\WINDOWS\system32\CatRoot2 2011-03-15 14:51:30 ----D---- C:\WINDOWS\Temp 2011-03-15 14:51:29 ----D---- C:\WINDOWS\system32\drivers 2011-03-15 12:57:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-03-14 21:13:35 ----SHD---- C:\WINDOWS\Installer 2011-03-14 21:13:34 ----RD---- C:\Program Files 2011-03-14 20:58:41 ----D---- C:\WINDOWS\SoftwareDistribution 2011-03-14 20:58:03 ----RSHDC---- C:\WINDOWS\system32\dllcache 2011-03-14 20:57:57 ----D---- C:\WINDOWS\system32 2011-03-14 18:46:46 ----RAD---- C:\WINDOWS 2011-03-14 18:45:14 ----D---- C:\WINDOWS\Minidump 2011-03-14 16:57:51 ----D---- C:\WINDOWS\pss 2011-03-14 15:45:39 ----D---- C:\Program Files\messenger 2011-03-14 15:41:33 ----D---- C:\Program Files\Common Files 2011-03-14 15:21:22 ----D---- C:\WINDOWS\system32\config 2011-03-14 15:20:54 ----D---- C:\WINDOWS\system32\wbem 2011-03-14 15:20:50 ----D---- C:\WINDOWS\Registration 2011-03-14 15:13:09 ----D---- C:\WINDOWS\security 2011-03-14 15:12:18 ----D---- C:\WINDOWS\system32\Restore 2011-03-14 15:12:07 ----RASH---- C:\boot.ini 2011-03-14 15:12:07 ----A---- C:\WINDOWS\win.ini 2011-03-14 15:12:07 ----A---- C:\WINDOWS\system.ini 2011-03-13 12:05:20 ----HD---- C:\WINDOWS\inf 2011-03-12 20:58:31 ----D---- C:\WINDOWS\system32\DirectX 2011-03-12 20:57:13 ----RSD---- C:\WINDOWS\assembly 2011-03-12 20:53:49 ----D---- C:\Program Files\Rockstar Games 2011-03-12 19:23:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-03-12 19:23:37 ----SD---- C:\Documents and Settings\Zurek\Dane aplikacji\Microsoft 2011-03-12 16:33:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2011-03-12 16:28:45 ----D---- C:\Program Files\Common Files\Microsoft Shared 2011-03-12 16:26:33 ----D---- C:\WINDOWS\ShellNew 2011-03-12 16:25:05 ----D---- C:\Program Files\Microsoft Office 2011-03-12 16:25:04 ----RSD---- 
C:\WINDOWS\Fonts 2011-03-12 16:24:05 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2011-03-12 16:11:53 ----D---- C:\Program Files\Common Files\System 2011-03-12 16:00:21 ----A---- C:\WINDOWS\setuplog.txt 2011-03-12 16:00:01 ----D---- C:\WINDOWS\system32\inetsrv 2011-03-12 15:58:21 ----D---- C:\WINDOWS\Debug 2011-03-12 15:56:58 ----D---- C:\WINDOWS\AppPatch 2011-03-12 15:44:39 ----A---- C:\WINDOWS\imsins.BAK 2011-03-12 15:43:43 ----D---- C:\WINDOWS\system32\CatRoot 2011-03-12 15:36:42 ----D---- C:\WINDOWS\WinSxS 2011-03-12 15:36:37 ----D---- C:\WINDOWS\system32\Setup 2011-03-12 15:36:37 ----D---- C:\WINDOWS\EHome 2011-03-12 15:36:36 ----D---- C:\WINDOWS\Help 2011-03-12 15:36:33 ----D---- C:\WINDOWS\ime 2011-03-12 15:35:59 ----D---- C:\WINDOWS\system32\oobe 2011-03-12 15:35:59 ----D---- C:\Program Files\Windows Media Player 2011-03-12 15:35:57 ----D---- C:\Program Files\Internet Explorer 2011-03-12 15:35:56 ----D---- C:\WINDOWS\peernet 2011-03-12 15:35:56 ----D---- C:\Program Files\Movie Maker 2011-03-12 15:35:53 ----D---- C:\WINDOWS\Media 2011-03-12 15:27:49 ----D---- C:\WINDOWS\system32\npp 2011-03-12 15:27:48 ----D---- C:\WINDOWS\msagent 2011-03-12 15:27:38 ----D---- C:\WINDOWS\srchasst 2011-03-12 15:27:31 ----D---- C:\Program Files\NetMeeting 2011-03-12 15:27:27 ----D---- C:\WINDOWS\system32\Com 2011-03-12 15:27:19 ----D---- C:\Program Files\Windows NT 2011-03-12 15:27:18 ----D---- C:\Program Files\Outlook Express 2011-03-12 15:25:58 ----D---- C:\WINDOWS\system32\usmt 2011-03-12 15:25:54 ----D---- C:\WINDOWS\system 2011-03-12 15:21:15 ----RD---- C:\WINDOWS\Web 2011-03-12 15:20:39 ----RASH---- C:\NTDETECT.COM 2011-03-12 15:17:57 ----D---- C:\WINDOWS\system32\ReinstallBackups 2011-03-10 20:01:29 ----D---- C:\WINDOWS\RegisteredPackages 2011-03-10 18:38:18 ----SD---- C:\WINDOWS\Tasks 2011-03-10 18:16:02 ----D---- C:\Program Files\Alwil Software 2011-03-08 18:56:04 ----D---- C:\Program Files\Gadu-Gadu 10 2011-03-05 13:03:23 ----D---- 
C:\Documents and Settings\Zurek\Dane aplikacji\Xfire 2011-03-05 08:10:43 ----D---- C:\Program Files\Mozilla Firefox 2011-02-28 18:54:24 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu 10 2011-02-19 21:16:01 ----D---- C:\Program Files\Xfire 2011-02-19 17:25:06 ----D---- C:\WINDOWS\Microsoft.NET 2011-02-18 15:03:58 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Identities ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368] R0 d347bus;d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [2004-08-22 155136] R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40320] R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys [] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608] R3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\System32\DRIVERS\cfosspeed.sys [2007-06-19 684248] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\System32\DRIVERS\HssDrv.sys [2010-06-16 37376] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2009-03-25 130432] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; 
C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys [2008-10-14 103936] R3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys [2008-10-14 103936] R3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\System32\DRIVERS\ZTEusbnmeaext.sys [2008-10-14 103936] R3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys [2008-10-14 103936] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\System32\DRIVERS\taphss.sys [2010-06-16 32768] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 
413696] R2 cFosSpeedS;cFosSpeed System Service; C:\Program Files\cFosSpeed\spd.exe [2007-06-19 310488] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-03-05 153376] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\System32\GameMon.des [2010-06-20 3813096] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632] S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-06-16 322608] -----------------EOF----------------- [/log]
Tomek01 commented 16 March 2011 Brontok is actually a trifle in your case. As soon as you started writing about Task Manager, I immediately suspected the Sality virus. And here is the confirmation from the OTL log, the Sality service: [b]DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)[/b] and in RSIT: [b] R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys [][/b] as well as infected files in the temp directory:
[code]C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec"[/code]
You may need the system installation disc to get the system back up.
Download [url="http://www.instalki.pl/programy/download/Windows/antywirusy/Dr.Web_LiveCD.html"][color="#0000FF"][b]DrWebLiveCd[/b][/color][/url] and burn it to a disc on an [b]uninfected[/b] computer. Insert the disc into the infected computer; assuming you have already set the BIOS to boot the machine from CD/DVD, the scanner should start after a restart. Run a full scan, cure whatever can be cured, and delete the rest. Keep scanning until the scanner finds nothing. If the system does not boot after the removal, insert the system disc and perform a [url=http://www.searchengines.pl/index.php?showtopic=24500&view=findpost&p=109540]repair (in-place) installation of Windows[/url]. After the repair installation, if you needed one, [b]turn System Restore off and back on[/b] on all drives. Instructions for [url=http://support.microsoft.com/kb/310405/pl][b]XP[/b][/url] or [url=http://windowshelp.microsoft.com/Windows/pl-PL/Help/517d3b8e-3379-46c1-b479-05b30d6fb3f01045.mspx][b]Vista[/b][/url]. Run a full [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url] scan. If the scanner finds nothing, post a [url=http://forum.dobreprogramy.pl/post1170959.html#p1170959][b]Combofix[/b][/url] log to be sure, and turn off again the System Restore that Combofix switched on.
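A triage check built from the two indicators named in the reply above, as an added example (not part of the original post, and not how OTL or RSIT work internally): it flags a running driver whose RSIT entry has no file details and whose service name differs from its file name, and enabled firewall exceptions that point into a Temp folder. The heuristic and the function names are assumptions; the sample lines are copied from this thread except the Xfire line, which is constructed as a benign contrast. Hits are candidates for review, not verdicts.

```python
import re

# Sample input: lines copied from the RSIT driver list and the firewall
# exception list in this thread; the Xfire firewall line is constructed.
RSIT_DRIVERS = r'''
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys []
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
'''
FIREWALL = r'''
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
'''

DRIVER_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*); (?:\\\?\?\\)?(.+?) \[(.*)\]$')
FW_RE = re.compile(r'^"([^"]+)"="([^"]+)"$')

def suspicious_drivers(log):
    """Running drivers with no file details and a name unlike their file."""
    hits = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        state, _start, name, _display, path, meta = m.groups()
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        # Empty [] means RSIT could not read the file's date and size.
        if state == 'R' and not meta.strip() and stem.lower() != name.lower():
            hits.append((name, path))
    return hits

def temp_firewall_exceptions(log):
    """Enabled firewall exceptions whose executable lives in a Temp folder."""
    hits = []
    for line in log.splitlines():
        m = FW_RE.match(line.strip())
        parts = m.group(2).rsplit(':', 3) if m else []
        if len(parts) != 4:
            continue
        path, _scope, state, label = parts
        if state == 'Enabled' and re.search(r'\\temp\\', path, re.I):
            hits.append((path, label))
    return hits

if __name__ == '__main__':
    print(suspicious_drivers(RSIT_DRIVERS))
    print(temp_firewall_exceptions(FIREWALL))
```

PCANDIS5 and MBAMSwissArmy also show an empty `[]` in the log, which is why the check requires the name mismatch and the running state in addition to the missing file details.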