
Checking logs

zuro96

Hello, please check my OTL and RSIT logs. Some time ago I had a virus called "Brontok" or something like that. It put a heavy load on the system, but I somehow "turned it off". 2-3 days ago, sitting down at the computer, I pressed the magic CTRL+ALT+DEL and to my surprise I could not start Task Manager. The same thing happened with REGEDIT; I somehow managed it once and re-enabled Task Manager and the registry editor in the registry (when I try to start these programs, an error about administrator restrictions pops up; the problem is that I am the administrator...). I cleaned with "Malwarebytes' Anti-Malware" and did something in HiJackThis. Nothing helps, the virus keeps writing new lines into the registry. Please help and advise me how to get rid of the pest.

Oh, and Folder Options seem to have disappeared too, but when I do manage to get to them, an error about it being disabled by the Admin pops up as well.

OTL

[log]OTL Extras logfile created on: 2011-03-15 16:37:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Downloads\zOTL
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 3,46 Gb Free Space | 9,29% Space Free | Partition Type: NTFS
Drive E: | 520,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,69 Gb Total Space | 2,07 Gb Free Space | 56,18% Space Free | Partition Type: FAT32

Computer Name: BROWAR-OFAN0ZSH | User Name: Zurek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe:*:Enabled:ipsec -- (France Telecom SA)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:ipsec -- (FlashGet.com)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe" = C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds -- (Reality Pump)
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe" = C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds -- (Reality Pump)
"F:\pogsmd.pif" = F:\pogsmd.pif:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe:*:Enabled:ipsec
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe:*:Enabled:ipsec -- (France Telecom SA)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe:*:Enabled:ipsec
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe:*:Enabled:ipsec -- (France Telecom SA)
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe" = C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe:*:Enabled:ipsec -- (France Telecom SA)
"C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe" = C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:ipsec -- (France Telecom SA)
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winofmhb.exe" = C:\DOCUME~1\Zurek\USTAWI~1\Temp\winofmhb.exe:*:Enabled:ipsec


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{051E7B99-6D35-4905-BAF3-740893EF657A}" = Total Overdose
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1B5A737F-ADEC-46DF-9539-B49D0828A175}" = Gothic
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9C37A6-AD4C-443D-0098-6B0A1865DEE2}" = FIFA 07
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{BD49141C-188C-4B75-9F46-C2C42F2D1045}" = Nero 7 Essentials
"{BEWINTERNET-PL-IEW}.UninstallSuite" = Odinstaluj Orange Free
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DE74FC6F-EB3C-4EFC-B5AA-0F0C03DEC23F}" = MANTA
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BSPlayerf" = BS.Player FREE
"CABAL Online EU Update - Siena The Queen_is1" = Cabal Online Europe - Siena The Queen
"CABAL Online: Episode V_is1" = Cabal Online Europe - Episode V Patcher
"CABAL Online: Illusion Castle Patch_is1" = Cabal Online Europe - Illusion Castle
"CABAL Online: Porta Inferno Patch_is1" = Cabal Online Europe - Porta Inferno 502 Patch
"CABAL Online: Radiant Hall_is1" = Cabal Online Europe - Radiant Hall
"CardDetectorZTEMF636" = Card Detector for ZTE MF636
"cFosSpeed" = cFosSpeed v4.00
"C-Media Audio" = C-Media 3D Audio
"CMPL_is1" = Crazy Machines: Nowe wyzwania
"Convert XLS_is1" = Convert XLS
"Counter-Strike 1.6" = Counter-Strike 1.6
"CWPL_is1" = Combat Wings
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"FormatFactory" = FormatFactory 2.30
"Foxit Reader" = Foxit Reader
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"Game Booster_is1" = Game Booster
"GTAViceCarEditor_is1" = GTAViceCarEditor 1.1.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.47
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Nokia PC Suite" = Nokia PC Suite
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NSS" = NSS (remove only)
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Totalcmd" = Total Commander (Remove or Repair)
"Two Worlds" = Two Worlds
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiwizator WinRAR
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Xfire" = Xfire (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"xplorer2p" = xplorer² professional 32 bit

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-02-23 12:59:12 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2.

Error - 2011-02-24 10:41:48 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2.

Error - 2011-03-01 14:36:25 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd f1upgradeutility.exe, wersja 1.0.0.14, moduł
powodujący błąd msvbvm60.dll, wersja 6.0.97.82, adres błędu 0x00072948.

Error - 2011-03-01 14:55:28 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd xplorer2_uc.exe, wersja 1.8.1.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-03-02 02:03:16 | Computer Name = BROWAR-OFAN0ZSH | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd textmessaging.exe, wersja 7.0.56.803, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.0, adres błędu 0x000017e2.

Error - 2011-03-05 08:52:53 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece
DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2011-03-05 08:54:08 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 1015
Description = Upłynął czas oczekiwania na zakończenie wywołania funkcji gromadzenia
danych wydajności, „PerfProc”, w bibliotece „C:\WINDOWS\system32\perfproc.dll”.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo
system, z którego pobiera on dane, mogły być bardzo zajęte w momencie wywołania
tej procedury.

Error - 2011-03-05 08:55:52 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 1015
Description = Upłynął czas oczekiwania na zakończenie wywołania funkcji gromadzenia
danych wydajności, „PerfProc”, w bibliotece „C:\WINDOWS\system32\perfproc.dll”.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo
system, z którego pobiera on dane, mogły być bardzo zajęte w momencie wywołania
tej procedury.

Error - 2011-03-05 15:32:21 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece
DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2011-03-06 04:21:03 | Computer Name = BROWAR-OFAN0ZSH | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „.NET CLR Data” w bibliotece
DLL „C:\WINDOWS\system32\netfxperf.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

[ System Events ]
Error - 2011-03-13 13:13:32 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2011-03-13 13:13:44 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2011-03-13 13:13:52 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa cFosSpeed System Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2011-03-13 13:13:54 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa France Telecom Routing Table Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2011-03-13 13:14:00 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa Hotspot Shield Monitoring Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2011-03-13 13:14:02 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7034
Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2011-03-13 13:14:23 | Computer Name = BROWAR-OFAN0ZSH | Source = Service Control Manager | ID = 7031
Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2011-03-13 13:54:53 | Computer Name = BROWAR-OFAN0ZSH | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.

Error - 2011-03-13 13:54:53 | Computer Name = BROWAR-OFAN0ZSH | Source = NetBT | ID = 4311
Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia
sterownika.

Error - 2011-03-13 20:45:03 | Computer Name = BROWAR-OFAN0ZSH | Source = DCOM | ID = 10010
Description = Serwer {25E8A7CA-5874-4F85-BC00-35210131C444} nie zarejestrował się
w modelu DCOM w wymaganym czasie.


< End of report >
OTL logfile created on: 2011-03-15 16:37:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Downloads\zOTL
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 3,46 Gb Free Space | 9,29% Space Free | Partition Type: NTFS
Drive E: | 520,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,69 Gb Total Space | 2,07 Gb Free Space | 56,18% Space Free | Partition Type: FAT32

Computer Name: BROWAR-OFAN0ZSH | User Name: Zurek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-03-15 14:54:26 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Temp\winppcbn.exe
PRC - [2011-03-06 19:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\zOTL\OTL.exe
PRC - [2011-03-05 13:51:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2011-03-05 08:09:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-03-05 08:09:36 | 000,986,072 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-12-16 06:19:28 | 013,054,560 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-11-12 19:08:04 | 000,398,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe
PRC - [2010-10-20 11:22:24 | 000,630,272 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010-10-20 11:20:46 | 000,149,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010-07-22 12:08:30 | 001,982,464 | ---- | M] (Webteh) -- C:\Program Files\Webteh\BSplayer\bsplayer.exe
PRC - [2010-05-14 10:32:30 | 001,561,600 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-10-24 20:04:02 | 000,774,896 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe
PRC - [2008-10-24 19:48:54 | 000,323,584 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Systray\SystrayApp.exe
PRC - [2008-10-24 19:46:54 | 001,003,520 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Phonetools\TextMessaging.exe
PRC - [2008-10-24 19:37:18 | 001,429,504 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Deskboard\Deskboard.exe
PRC - [2008-10-24 19:28:42 | 000,917,504 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe
PRC - [2008-10-24 19:27:18 | 000,491,520 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\corecom\CoreCom.exe
PRC - [2008-10-24 19:24:14 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2008-10-24 19:21:24 | 000,163,840 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2008-10-14 11:07:14 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
PRC - [2007-09-25 09:10:50 | 002,076,720 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe
PRC - [2007-06-27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-06-27 18:03:40 | 000,226,600 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-06-19 10:20:00 | 000,310,488 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2006-10-26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2006-05-03 17:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-01-02 15:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-08-22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004-08-11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-04 00:44:30 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004-08-04 00:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004-08-04 00:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-03-06 19:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\zOTL\OTL.exe
MOD - [2008-12-09 11:13:02 | 000,035,328 | ---- | M] (BST) -- C:\Program Files\Webteh\BSplayer\mmkeybsupp.dll
MOD - [2007-05-18 17:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll
MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004-08-04 00:44:16 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2004-08-04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2004-08-04 00:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2004-08-04 00:44:12 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-04 00:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-04 00:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2004-08-04 00:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-04 00:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004-08-04 00:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2004-08-04 00:44:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2004-08-04 00:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2004-08-04 00:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2004-08-04 00:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-04 00:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2004-08-04 00:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2004-08-04 00:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2004-08-04 00:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010-10-20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-16 21:33:44 | 000,322,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Disabled | Stopped] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007-06-19 10:20:00 | 000,310,488 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2010-06-16 21:33:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010-06-16 21:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-03-25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-10-14 08:10:30 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-06-16 09:13:46 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2007-06-19 10:20:06 | 000,684,248 | R--- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-57989841-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.6
FF - prefs.js..extensions.enabledItems: {32c1ae0f-a1ed-4128-b922-7e83a47d79b7}:3.0
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-11-27 14:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-08 16:24:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 13:52:22 | 000,000,000 | ---D | M]

[2010-08-13 17:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Extensions
[2011-03-14 20:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions
[2010-11-15 18:22:59 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}
[2011-03-03 19:34:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-03 19:34:06 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011-03-03 19:28:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-03-03 19:34:06 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010-08-18 11:28:07 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\smarterwiki@wikiatic.com
[2010-10-20 16:26:32 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\tabscope@xuldev.org
[2011-03-10 18:45:24 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Zurek\Dane aplikacji\Mozilla\Firefox\Profiles\kid7tagv.default\extensions\toolbar@ask.com
[2011-03-14 19:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-03-05 13:52:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010-11-15 17:41:50 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011-03-05 13:51:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-27 14:14:40 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011-03-05 13:51:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-10 17:56:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010-10-20 16:26:09 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-20 16:26:09 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-20 16:26:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-20 16:26:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-20 16:26:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-20 16:26:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-03-14 15:48:41 | 000,000,602 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BEWINTERNET-PL-IEWSessionManager] C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-602162358-57989841-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-602162358-57989841-1801674531-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\JC_ALL.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O15 - HKU\S-1-5-21-602162358-57989841-1801674531-1003\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-11-27 11:38:42 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-11-27 14:54:54 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-04-15 13:00:00 | 000,000,301 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell - "" = AutoRun
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\AutoRun\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\configure\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{46287019-208e-11e0-8085-000b6aabf241}\Shell\install\command - "" = E:\setup.exe -- [2006-11-27 14:51:00 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\AutoplAY\command - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\AutoRun\command - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\EXplORe\cOMMAnd - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O33 - MountPoints2\{7a2677e8-eb7d-11df-bfc1-000b6aabf241}\Shell\OPeN\CoMmand - "" = F:\pogsmd.pif -- [2011-03-13 13:28:10 | 000,172,543 | RHS- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "HssWd"
MsConfig - Services: "FTRTSVC"
MsConfig - StartUpReg: [b]Cmaudio[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]ctfmon.exe[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Gadu-Gadu 10[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]Nowe Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Nowe Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
MsConfig - StartUpReg: [b]PC Suite Tray[/b] - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: [b]PcSync[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Tok-Cirrhatus[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2



[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-03-15 16:30:41 | 000,000,000 | ---D | C] -- C:\rsit
[2011-03-14 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-03-14 19:12:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-03-13 17:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software
[2011-03-13 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Malwarebytes
[2011-03-13 09:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-03-13 09:42:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-13 09:42:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-13 09:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-03-13 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-12 21:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Reality Pump
[2011-03-12 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Reality Pump
[2011-03-12 19:17:59 | 000,000,000 | R--D | C] -- C:\Bartek
[2011-03-12 16:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011-03-12 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011-03-12 16:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011-03-12 15:58:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-12 15:28:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011-03-12 15:12:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011-03-10 20:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Ahead
[2011-03-10 20:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero 7 Essentials
[2011-03-10 20:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Ahead
[2011-03-10 20:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
[2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero
[2011-03-10 20:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2011-03-10 18:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2011-03-10 18:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2011-03-10 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\ARCANIX INSTALKA
[2011-03-10 18:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit
[2011-03-10 17:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Foxit Reader
[2011-03-10 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011-03-10 17:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011-03-10 17:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2011-03-10 17:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\ARCAVIR
[2011-03-10 17:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\MS Office 2007 Enterprise PL
[2011-03-09 20:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client
[2011-03-09 20:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TeamSpeak 3 Client
[2011-03-09 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011-03-05 19:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\CABAL MUZYKA
[2011-03-05 13:57:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011-03-05 13:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2011-03-05 13:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-03-05 13:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2011-03-03 19:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\dwhelper
[2011-03-02 20:23:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011-03-02 20:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo
[2011-03-02 20:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\Downloads
[2011-03-01 19:56:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Zurek\Pulpit\NOKIA
[2011-03-01 19:37:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Zurek\Pulpit\GRY
[2011-02-28 19:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\Google
[2011-02-26 13:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\cabal
[2011-02-20 17:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia855
[2011-02-19 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia86
[2011-02-19 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia
[2011-02-19 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Tibia
[2011-02-19 15:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia
[2011-02-19 15:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Asprate
[2011-02-19 15:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate
[2011-02-17 17:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Minecraft
[2011-02-17 17:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft
[2011-02-13 17:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GTAViceCarEditor
[2011-02-13 17:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\GTAViceCarEditor
[2011-02-13 13:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\VICE CITY SONG
[2011-01-26 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Menu Start\Programy\Virtual DJ
[2011-01-26 16:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011-01-26 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\VirtualDJ
[2011-01-20 17:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Pulpit\hanldling
[2011-01-19 20:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\Combat Wings savegames
[2011-01-19 19:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\City Interactive
[2011-01-19 19:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011-01-14 19:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zurek\Moje dokumenty\GTA Vice City User Files
[2011-01-14 18:59:09 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2011-01-14 18:59:09 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2011-01-14 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2010-11-03 11:33:35 | 000,773,120 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\Zurek\Dane aplikacji\MinecraftSP.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-03-15 14:50:59 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011-03-15 14:50:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-15 11:26:27 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-14 21:13:35 | 000,002,791 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\HiJackThis.lnk
[2011-03-14 21:10:10 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\Zurek\ntuser.pol
[2011-03-14 19:15:20 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\FIX.reg
[2011-03-14 19:08:43 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\mmm.reg
[2011-03-14 15:15:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-14 15:12:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011-03-13 11:46:04 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011-03-13 09:42:45 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-03-12 20:59:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-12 20:25:33 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Zurek\default.pls
[2011-03-12 19:23:39 | 000,451,352 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-03-12 19:23:38 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-12 19:23:38 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-03-12 19:23:38 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-12 15:44:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-12 15:20:39 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2011-03-12 15:20:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011-03-11 16:07:09 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-03-10 20:18:03 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk
[2011-03-10 20:18:03 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk
[2011-03-10 20:18:03 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk
[2011-03-10 20:00:50 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011-03-10 17:57:18 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk
[2011-03-09 20:43:04 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2011-03-04 22:08:05 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-03 17:11:22 | 005,324,832 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Eazy-E - Real Muthaphukkin Gs.mp3
[2011-03-02 22:31:41 | 000,013,814 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\bmw.jpeg
[2011-03-02 20:13:33 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Finish Downloading Brothersoft Download Manager.lnk
[2011-03-01 19:26:15 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\backup.reg
[2011-03-01 19:13:31 | 000,000,028 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\END.exe
[2011-02-26 19:24:04 | 000,256,460 | ---- | M] () -- C:\Documents and Settings\Zurek\Moje dokumenty\nfsw051.jpg
[2011-02-19 16:38:02 | 000,343,828 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak
[2011-02-17 17:46:24 | 000,167,423 | ---- | M] () -- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe
[2011-02-17 17:46:24 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Minecraft.lnk
[2011-02-17 16:45:05 | 002,833,986 | ---- | M] () -- C:\Documents and Settings\Zurek\Moje dokumenty\javaw 2011-02-17 16-40-33-72.bmp
[2011-02-16 18:41:26 | 000,051,170 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Afryka_mapaaaaaaaaaaaaaaaaaaaaaaaaaa.gif
[2011-02-15 18:10:18 | 000,000,068 | ---- | M] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2011-02-15 18:08:06 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\XLSCX.INI
[2011-02-04 10:22:03 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Xfire (2).lnk
[2011-01-20 17:24:24 | 000,045,715 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\2011-01-16_www_ModBase_PL_GTA_VC_Save_100_.rar
[2011-01-19 00:28:27 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816.JPG.sha
[2011-01-19 00:26:58 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816hhh.sha
[2011-01-19 00:25:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816kkkk.sha
[2011-01-15 19:48:56 | 000,201,828 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\GTAVCsf6.b
[2011-01-15 17:22:01 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Zurek\Pulpit\Skrót do daemon.lnk
[2011-01-14 18:59:07 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-03-14 21:13:35 | 000,002,791 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\HiJackThis.lnk
[2011-03-14 19:15:20 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\FIX.reg
[2011-03-14 19:13:58 | 000,000,448 | RHS- | C] () -- C:\Documents and Settings\Zurek\ntuser.pol
[2011-03-14 19:08:43 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\mmm.reg
[2011-03-13 11:43:54 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011-03-13 09:42:45 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-03-12 15:36:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2011-03-12 15:36:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2011-03-12 15:36:35 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2011-03-12 15:36:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011-03-12 15:36:26 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011-03-12 15:36:24 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011-03-12 15:36:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2011-03-11 11:44:45 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Zurek\default.pls
[2011-03-10 20:43:24 | 024,894,816 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\gg10.exe
[2011-03-10 20:18:03 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk
[2011-03-10 20:18:03 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk
[2011-03-10 20:18:03 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk
[2011-03-10 17:57:18 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Foxit Reader.lnk
[2011-03-09 20:43:04 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2011-03-03 17:05:56 | 005,324,832 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Eazy-E - Real Muthaphukkin Gs.mp3
[2011-03-02 22:31:41 | 000,013,814 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\bmw.jpeg
[2011-03-02 20:13:33 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Finish Downloading Brothersoft Download Manager.lnk
[2011-03-01 19:26:15 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\backup.reg
[2011-03-01 19:13:30 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\END.exe
[2011-02-26 19:23:10 | 000,256,460 | ---- | C] () -- C:\Documents and Settings\Zurek\Moje dokumenty\nfsw051.jpg
[2011-02-19 16:38:02 | 000,343,828 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak
[2011-02-17 17:46:23 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Minecraft.lnk
[2011-02-17 17:46:02 | 000,167,423 | ---- | C] () -- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe
[2011-02-17 16:41:22 | 002,833,986 | ---- | C] () -- C:\Documents and Settings\Zurek\Moje dokumenty\javaw 2011-02-17 16-40-33-72.bmp
[2011-02-16 18:41:26 | 000,051,170 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Afryka_mapaaaaaaaaaaaaaaaaaaaaaaaaaa.gif
[2011-02-04 10:22:03 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Xfire (2).lnk
[2011-01-20 17:26:45 | 000,201,828 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\GTAVCsf6.b
[2011-01-20 17:26:35 | 000,045,715 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\2011-01-16_www_ModBase_PL_GTA_VC_Save_100_.rar
[2011-01-19 19:41:51 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2011-01-19 19:41:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011-01-19 19:41:49 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2011-01-19 19:41:49 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2011-01-19 19:41:42 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2011-01-19 00:28:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816.JPG.sha
[2011-01-19 00:26:58 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816hhh.sha
[2011-01-19 00:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\Zurek\Pulpit\0414225816kkkk.sha
[2011-01-15 17:22:01 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Skrót do daemon.lnk
[2011-01-14 19:18:11 | 692,432,896 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\Vice_City_Play.iso
[2011-01-14 19:05:28 | 702,814,208 | ---- | C] () -- C:\Documents and Settings\Zurek\Pulpit\GTA_Vice_City.iso
[2011-01-14 18:59:07 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools.lnk
[2011-01-04 17:40:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-11-27 13:18:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010-11-27 13:16:55 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010-11-14 12:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010-11-01 20:01:24 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2010-10-31 19:56:02 | 000,023,660 | ---- | C] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\JunkAtx18.bin
[2010-10-31 19:18:03 | 000,000,010 | RHS- | C] () -- C:\WINDOWS\System32\sistem.sys
[2010-09-18 13:09:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-09-10 14:19:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-01 17:50:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2010-09-01 17:50:24 | 000,000,068 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2010-09-01 17:50:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2010-09-01 17:49:59 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2010-09-01 17:49:59 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2010-09-01 17:49:59 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010-09-01 17:49:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2010-08-22 12:03:53 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Zurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-18 14:04:05 | 000,000,409 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-08-13 18:41:19 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010-08-13 17:23:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-08-13 17:18:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-13 17:17:26 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-13 16:41:44 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-08-13 16:41:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-08-13 16:41:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010-08-13 16:41:42 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2010-08-13 16:41:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010-08-13 16:41:37 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2010-08-13 16:41:37 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2010-08-13 16:41:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010-08-13 16:40:23 | 000,002,299 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-08-13 16:40:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010-08-13 16:36:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-08-13 16:29:56 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-07-09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-08-01 09:25:25 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2006-04-28 21:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-10-26 17:15:16 | 000,451,352 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 17:15:16 | 000,075,486 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-17 22:30:24 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-17 22:30:22 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-21 23:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-02-23 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
[2011-03-11 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-09-17 16:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-11-27 17:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-11-18 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2011-03-10 18:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2010-11-28 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2010-09-17 18:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-11-27 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-03-13 20:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft
[2010-08-29 14:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\BSplayer
[2010-08-22 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\BSplayer Pro
[2010-09-01 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Docx2Rtf
[2011-03-10 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit
[2011-03-13 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software
[2010-08-18 10:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu
[2011-02-28 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu 10
[2010-11-01 19:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Gearbox Software
[2011-03-02 20:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo
[2010-09-04 09:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\GHISLER
[2010-12-16 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Nokia
[2010-09-16 17:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Nowe Gadu-Gadu
[2010-09-01 17:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\NwDocx
[2010-09-17 18:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\OpenFM
[2010-12-16 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\PC Suite
[2011-02-25 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia
[2011-03-09 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client
[2011-03-15 14:50:59 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-11-27 11:38:42 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2011-03-14 15:12:07 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-12-05 13:02:15 | 000,157,220 | ---- | M] () -- C:\Cabal(Ver1333-101205-1201-0000).jpg
[2010-08-13 16:33:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-08-13 16:33:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006-10-03 12:40:06 | 000,403,140 | ---- | M] () -- C:\Mp3Playermp3.SIS
[2010-08-13 16:33:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-03-12 15:20:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011-03-12 15:20:39 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2011-03-15 14:50:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004-08-03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001-08-17 20:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001-08-17 20:51:56 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2001-08-17 22:51:54 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
[2001-08-17 22:52:28 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll
[2001-10-26 18:29:30 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=F5E8D86A0C880E4CD96B03FC9F66ABF7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2001-08-18 07:24:32 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe
[2001-10-26 18:30:06 | 000,432,640 | ---- | M] (Microsoft Corporation) MD5=306530C12F412868E2E85431250E68A1 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 8 bytes -> C:\WINDOWS:

< End of report >
[/log]

RSIT

[log]info.txt logfile of random's system information tool 1.08 2011-03-15 16:32:03

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Cabal Online Europe - Episode V Patcher-->"C:\Games-Masters.com\CABAL Online (Europe)\unins005.exe"
Cabal Online Europe - Illusion Castle-->"C:\Games-Masters.com\CABAL Online (Europe)\unins002.exe"
Cabal Online Europe - Porta Inferno 502 Patch-->"C:\Games-Masters.com\CABAL Online (Europe)\unins004.exe"
Cabal Online Europe - Radiant Hall-->"C:\Games-Masters.com\CABAL Online (Europe)\unins003.exe"
Cabal Online Europe - Siena The Queen-->"C:\Games-Masters.com\CABAL Online (Europe)\unins001.exe"
Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u
cFosSpeed v4.00-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Combat Wings-->"C:\Program Files\City Interactive\Combat Wings\unins000.exe"
Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Crazy Machines: Nowe wyzwania-->"C:\Program Files\City Interactive\Crazy Machines - Nowe wyzwania\unins000.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
FIFA 07-->C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
FormatFactory 2.30-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Gothic-->C:\Program Files\InstallShield Installation Information\{1B5A737F-ADEC-46DF-9539-B49D0828A175}\setup.exe -runfromtemp -l0x0015 -removeonly
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTAViceCarEditor 1.1.1-->"C:\Program Files\GTAViceCarEditor\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotspot Shield 1.47-->C:\Program Files\Hotspot Shield\Uninstall.exe
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MANTA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE74FC6F-EB3C-4EFC-B5AA-0F0C03DEC23F}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850415-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works 2003-Setup-Start-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 -->MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772}
Microsoft Works Suite-Add-Ins für Microsoft Word-->MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}
Minecraft 1.2.0_02-->C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe
Mozilla Firefox (3.6.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{BD49141C-188C-4B75-9F46-C2C42F2D1045}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_pol_web.exe
Nokia PC Suite-->MsiExec.exe /I{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}
Nokia Software Updater-->MsiExec.exe /X{4D568C38-0552-4CDD-A643-01FAFA2957EF}
Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
NSS (remove only)-->C:\Program Files\NSS\uninstall.exe
Odinstaluj Orange Free-->C:\Program Files\OrangeBS\BEWInternet-PL-IEW\installation\core\Installgui.exe -u
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_D745A35E775153D4241BCAFD53B508006B129D5F\nokia_bluetooth.inf
Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_303CF1FED5DA0A0063DA86B4F733C34AA8C8B2C1\nokbtmdm.inf
Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
Tibia-->"C:\Program Files\Tibia855\unins000.exe"
Tony Hawks Pro Skater 4-->MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Overdose-->MsiExec.exe /X{051E7B99-6D35-4905-BAF3-740893EF657A}
Two Worlds-->C:\Program Files\Reality Pump\Two Worlds\Uninstall.exe
Virtual DJ Home - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Video 9 Advanced Profile Codec-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
xp-AntiSpy 3.97-9-->C:\Program Files\xp-AntiSpy\Uninstall.exe
xplorer² professional 32 bit-->"C:\Program Files\zabkat\xplorer2\Uninstall.exe"
YouTube Downloader 2.5.7-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======System event log======

Computer Name: BROWAR-OFAN0ZSH
Event Code: 64
Message: Błąd składniowy w pliku manifestu lub w pliku zasad "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" w wierszu 12.
Manifest główny lub aplikacji zawiera element noInherit, ale zależny manifest montażowy nie
zawiera elementu noInheritable. Manifesty aplikacji zawierające element noInherit mogą tylko
zależeć od zestawów noInheritable.

Record Number: 43442
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 59
Message: Generate Activation Context nie powiodło się dla C:\Program Files\Microsoft Office\Office12\msohevi.dll.
Odpowiedni komunikat o błędzie: Operacja ukończona pomyślnie.
.

Record Number: 43441
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 59
Message: Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT.
Odpowiedni komunikat o błędzie: Plik demonstracyjny zawiera jeden lub więcej błędów składniowych.
.

Record Number: 43440
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 33
Message: Nie można uruchomić aplikacji z powodu nieprawidłowego manifestu.

Record Number: 43439
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 58
Message: Błąd składniowy w pliku manifestu lub w pliku zasad "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.policy" w wierszu 12.

Record Number: 43438
Source Name: SideBySide
Time Written: 20110307201002.000000+060
Event Type: błąd
User:

=====Application event log=====

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2001
Message: Pomyślnie uruchomiono usługę EAPOL

Record Number: 400
Source Name: EAPOL
Time Written: 20101120122934.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2002
Message: Pomyślnie zatrzymano usługę EAPOL

Record Number: 399
Source Name: EAPOL
Time Written: 20101120122931.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2003
Message: Usługa EAPOL jest uruchomiona

Record Number: 398
Source Name: EAPOL
Time Written: 20101120122931.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 105
Message: The service was started.

Record Number: 397
Source Name: ATI Smart
Time Written: 20101120122833.000000+060
Event Type: informacje
User:

Computer Name: BROWAR-OFAN0ZSH
Event Code: 2001
Message: Pomyślnie uruchomiono usługę EAPOL

Record Number: 396
Source Name: EAPOL
Time Written: 20101120122819.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Zurek at 2011-03-15 16:31:20
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 4 GB (9%) free of 38 GB
Total RAM: 1023 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:58, on 2011-03-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Downloads\zRSIT\RSIT.exe
C:\Program Files\trend micro\Zurek.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-PL-IEWSessionManager] "C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6A51BC3-E358-43CA-9016-02A890718BA2}: NameServer = 217.116.100.65 79.163.127.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Game_Booster_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-06-16 230448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-09-25 2076720]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-10-14 274432]
"BEWINTERNET-PL-IEWSessionManager"=C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe [2008-10-24 205552]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 226864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1561600]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 226600]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
C:\Program Files\Gadu-Gadu 10\gg.exe [2010-12-16 13054560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 108840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
C:\Program Files\Nowe Gadu-Gadu\gg.exe [2008-08-14 9929312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1561600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Program Files\Gadu-Gadu 10\gg.exe [2010-12-16 13054560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssWd"=2
"FTRTSVC"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"DisableTaskMgr"=0
"DisableRegistryTools"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exe:*:Enabled:ipsec"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:ipsec"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds"
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds"
"F:\pogsmd.pif"="F:\pogsmd.pif:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wchesm.exe:*:Enabled:ipsec"
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\connectivity\CoreCom\CoreCom.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winiaoh.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe:*:Enabled:ipsec"
"C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe"="C:\Program Files\OrangeBS\BEWInternet-PL-IEW\Launcher\Launcher.exe:*:Enabled:ipsec"
"C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe"="C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-03-15 16:30:41 ----D---- C:\rsit
2011-03-14 21:13:34 ----D---- C:\Program Files\Trend Micro
2011-03-14 19:12:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-03-13 17:14:43 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit Software
2011-03-13 11:43:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-03-13 09:42:53 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Malwarebytes
2011-03-13 09:42:41 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-03-13 09:42:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2011-03-13 09:42:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-13 09:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-03-12 20:56:03 ----D---- C:\Program Files\Reality Pump
2011-03-12 19:17:59 ----RD---- C:\Bartek
2011-03-12 16:32:15 ----A---- C:\WINDOWS\system32\msonpmon.dll
2011-03-12 16:28:29 ----D---- C:\Program Files\MSBuild
2011-03-12 16:26:46 ----D---- C:\Program Files\Microsoft Visual Studio
2011-03-12 16:15:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-03-12 15:58:07 ----D---- C:\WINDOWS\Prefetch
2011-03-12 15:38:06 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\spiisupd.exe
2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-03-12 15:36:36 ----N---- C:\WINDOWS\system32\asr_pfu.exe
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\amdk7.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-03-12 15:36:28 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-03-12 15:36:27 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\fltmgr.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-03-12 15:36:26 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\mssmbios.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\ip6fw.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\intelppm.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\http.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-03-12 15:36:25 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-03-12 15:36:24 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sffp_sd.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sffdisk.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\sdbus.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-03-12 15:36:23 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usbehci.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\tunmp.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-03-12 15:36:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\btpanui.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bthserv.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bthci.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\blastcln.exe
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\auditusr.exe
2011-03-12 15:36:21 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-03-12 15:36:20 ----N---- C:\WINDOWS\system32\dsprpres.dll
2011-03-12 15:36:19 ----N---- C:\WINDOWS\system32\extmgr.dll
2011-03-12 15:36:19 ----N---- C:\WINDOWS\system32\encdec.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\ieencode.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\httpapi.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\hccoin.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fwcfg.dll
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fsquirt.exe
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fltmc.exe
2011-03-12 15:36:18 ----N---- C:\WINDOWS\system32\fltlib.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdukx.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdno1.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinben.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2011-03-12 15:36:15 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2011-03-12 15:36:14 ----N---- C:\WINDOWS\system32\msdadiag.dll
2011-03-12 15:36:14 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\mssap.dll
2011-03-12 15:36:13 ----N---- C:\WINDOWS\system32\msftedit.dll
2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\xpob2res.dll
2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\p2p.dll
2011-03-12 15:36:11 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\powercfg.exe
2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2psvc.dll
2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2011-03-12 15:36:10 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\sbeio.dll
2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\sbe.dll
2011-03-12 15:36:09 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\xpsp1res.dll
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\smbinst.exe
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slserv.exe
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slgen.dll
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-03-12 15:36:08 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\w3ssl.dll
2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\twext.dll
2011-03-12 15:36:06 ----N---- C:\WINDOWS\system32\strmfilt.dll
2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\wmerror.dll
2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\winshfhc.dll
2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\winhttp.dll
2011-03-12 15:36:05 ----N---- C:\WINDOWS\system32\winbrand.dll
2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wscntfy.exe
2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmpasf.dll
2011-03-12 15:36:02 ----N---- C:\WINDOWS\system32\wmp.dll
2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wuapi.dll
2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wshbth.dll
2011-03-12 15:36:01 ----N---- C:\WINDOWS\system32\wscsvc.dll
2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wups.dll
2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wucltui.dll
2011-03-12 15:36:00 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\xmlprov.dll
2011-03-12 15:35:59 ----N---- C:\WINDOWS\system32\wuweb.dll
2011-03-12 15:35:59 ----N---- C:\WINDOWS\slrundll.exe
2011-03-12 15:28:42 ----D---- C:\WINDOWS\ServicePackFiles
2011-03-12 15:17:58 ----A---- C:\WINDOWS\002344_.tmp
2011-03-12 15:12:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-03-10 20:16:49 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Ahead
2011-03-10 20:13:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2011-03-10 20:03:56 ----D---- C:\Program Files\Nero
2011-03-10 20:03:56 ----D---- C:\Program Files\Common Files\Ahead
2011-03-10 20:03:56 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2011-03-10 18:12:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
2011-03-10 18:12:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2011-03-10 18:01:14 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Foxit
2011-03-10 17:57:00 ----D---- C:\Program Files\Ask.com
2011-03-10 17:56:35 ----D---- C:\Program Files\Foxit Software
2011-03-10 17:56:03 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2011-03-09 20:44:28 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\TS3Client
2011-03-09 20:42:48 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-03-05 14:36:33 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-03-05 13:57:53 ----D---- C:\WINDOWS\Sun
2011-03-05 13:53:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun
2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\javaws.exe
2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\javaw.exe
2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\java.exe
2011-03-05 13:52:22 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-03-05 13:50:42 ----D---- C:\Program Files\Java
2011-03-05 13:49:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2011-03-02 20:23:52 ----HD---- C:\WINDOWS\PIF
2011-03-02 20:13:07 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\GetRightToGo
2011-02-20 17:16:39 ----D---- C:\Program Files\Tibia855
2011-02-19 17:39:16 ----D---- C:\Program Files\Tibia86
2011-02-19 17:04:36 ----A---- C:\temp9212.tmp
2011-02-19 17:03:37 ----A---- C:\temp5281.tmp
2011-02-19 17:02:27 ----A---- C:\temp9712.tmp
2011-02-19 16:38:02 ----A---- C:\Documents and Settings\All Users\Dane aplikacji\Tibia_dat.bak
2011-02-19 16:23:44 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Tibia
2011-02-19 15:32:28 ----D---- C:\Program Files\Tibia
2011-02-19 15:13:11 ----D---- C:\Program Files\Asprate
2011-02-17 17:46:02 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\.minecraft
2011-02-17 17:46:02 ----A---- C:\Documents and Settings\Zurek\Dane aplikacji\Uninstal.exe

======List of files/folders modified in the last 1 months======

2011-03-15 16:31:19 ----D---- C:\Program Files\FlashGet
2011-03-15 16:30:13 ----D---- C:\Downloads
2011-03-15 16:23:33 ----D---- C:\Program Files\cFosSpeed
2011-03-15 16:22:31 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt
2011-03-15 16:17:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-15 14:51:30 ----D---- C:\WINDOWS\Temp
2011-03-15 14:51:29 ----D---- C:\WINDOWS\system32\drivers
2011-03-15 12:57:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-14 21:13:35 ----SHD---- C:\WINDOWS\Installer
2011-03-14 21:13:34 ----RD---- C:\Program Files
2011-03-14 20:58:41 ----D---- C:\WINDOWS\SoftwareDistribution
2011-03-14 20:58:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-14 20:57:57 ----D---- C:\WINDOWS\system32
2011-03-14 18:46:46 ----RAD---- C:\WINDOWS
2011-03-14 18:45:14 ----D---- C:\WINDOWS\Minidump
2011-03-14 16:57:51 ----D---- C:\WINDOWS\pss
2011-03-14 15:45:39 ----D---- C:\Program Files\messenger
2011-03-14 15:41:33 ----D---- C:\Program Files\Common Files
2011-03-14 15:21:22 ----D---- C:\WINDOWS\system32\config
2011-03-14 15:20:54 ----D---- C:\WINDOWS\system32\wbem
2011-03-14 15:20:50 ----D---- C:\WINDOWS\Registration
2011-03-14 15:13:09 ----D---- C:\WINDOWS\security
2011-03-14 15:12:18 ----D---- C:\WINDOWS\system32\Restore
2011-03-14 15:12:07 ----RASH---- C:\boot.ini
2011-03-14 15:12:07 ----A---- C:\WINDOWS\win.ini
2011-03-14 15:12:07 ----A---- C:\WINDOWS\system.ini
2011-03-13 12:05:20 ----HD---- C:\WINDOWS\inf
2011-03-12 20:58:31 ----D---- C:\WINDOWS\system32\DirectX
2011-03-12 20:57:13 ----RSD---- C:\WINDOWS\assembly
2011-03-12 20:53:49 ----D---- C:\Program Files\Rockstar Games
2011-03-12 19:23:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-12 19:23:37 ----SD---- C:\Documents and Settings\Zurek\Dane aplikacji\Microsoft
2011-03-12 16:33:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2011-03-12 16:28:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-03-12 16:26:33 ----D---- C:\WINDOWS\ShellNew
2011-03-12 16:25:05 ----D---- C:\Program Files\Microsoft Office
2011-03-12 16:25:04 ----RSD---- C:\WINDOWS\Fonts
2011-03-12 16:24:05 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2011-03-12 16:11:53 ----D---- C:\Program Files\Common Files\System
2011-03-12 16:00:21 ----A---- C:\WINDOWS\setuplog.txt
2011-03-12 16:00:01 ----D---- C:\WINDOWS\system32\inetsrv
2011-03-12 15:58:21 ----D---- C:\WINDOWS\Debug
2011-03-12 15:56:58 ----D---- C:\WINDOWS\AppPatch
2011-03-12 15:44:39 ----A---- C:\WINDOWS\imsins.BAK
2011-03-12 15:43:43 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-12 15:36:42 ----D---- C:\WINDOWS\WinSxS
2011-03-12 15:36:37 ----D---- C:\WINDOWS\system32\Setup
2011-03-12 15:36:37 ----D---- C:\WINDOWS\EHome
2011-03-12 15:36:36 ----D---- C:\WINDOWS\Help
2011-03-12 15:36:33 ----D---- C:\WINDOWS\ime
2011-03-12 15:35:59 ----D---- C:\WINDOWS\system32\oobe
2011-03-12 15:35:59 ----D---- C:\Program Files\Windows Media Player
2011-03-12 15:35:57 ----D---- C:\Program Files\Internet Explorer
2011-03-12 15:35:56 ----D---- C:\WINDOWS\peernet
2011-03-12 15:35:56 ----D---- C:\Program Files\Movie Maker
2011-03-12 15:35:53 ----D---- C:\WINDOWS\Media
2011-03-12 15:27:49 ----D---- C:\WINDOWS\system32\npp
2011-03-12 15:27:48 ----D---- C:\WINDOWS\msagent
2011-03-12 15:27:38 ----D---- C:\WINDOWS\srchasst
2011-03-12 15:27:31 ----D---- C:\Program Files\NetMeeting
2011-03-12 15:27:27 ----D---- C:\WINDOWS\system32\Com
2011-03-12 15:27:19 ----D---- C:\Program Files\Windows NT
2011-03-12 15:27:18 ----D---- C:\Program Files\Outlook Express
2011-03-12 15:25:58 ----D---- C:\WINDOWS\system32\usmt
2011-03-12 15:25:54 ----D---- C:\WINDOWS\system
2011-03-12 15:21:15 ----RD---- C:\WINDOWS\Web
2011-03-12 15:20:39 ----RASH---- C:\NTDETECT.COM
2011-03-12 15:17:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-03-10 20:01:29 ----D---- C:\WINDOWS\RegisteredPackages
2011-03-10 18:38:18 ----SD---- C:\WINDOWS\Tasks
2011-03-10 18:16:02 ----D---- C:\Program Files\Alwil Software
2011-03-08 18:56:04 ----D---- C:\Program Files\Gadu-Gadu 10
2011-03-05 13:03:23 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Xfire
2011-03-05 08:10:43 ----D---- C:\Program Files\Mozilla Firefox
2011-02-28 18:54:24 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Gadu-Gadu 10
2011-02-19 21:16:01 ----D---- C:\Program Files\Xfire
2011-02-19 17:25:06 ----D---- C:\WINDOWS\Microsoft.NET
2011-02-18 15:03:58 ----D---- C:\Documents and Settings\Zurek\Dane aplikacji\Identities

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 d347bus;d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40320]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\System32\DRIVERS\cfosspeed.sys [2007-06-19 684248]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\System32\DRIVERS\HssDrv.sys [2010-06-16 37376]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys [2008-10-14 103936]
R3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys [2008-10-14 103936]
R3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\System32\DRIVERS\ZTEusbnmeaext.sys [2008-10-14 103936]
R3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys [2008-10-14 103936]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\System32\DRIVERS\taphss.sys [2010-06-16 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]
R2 cFosSpeedS;cFosSpeed System Service; C:\Program Files\cFosSpeed\spd.exe [2007-06-19 310488]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-03-05 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\System32\GameMon.des [2010-06-20 3813096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-06-16 322608]

-----------------EOF-----------------
[/log]

Tomek01
commented

In your case Brontok is actually a trifle.
As soon as you started writing about Task Manager, I immediately suspected the Sality virus.
And here is the confirmation from the OTL log, the Sality service:
[b]DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)[/b]
and in RSIT:
[b] R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys [][/b]
as well as infected files in the temp directory:
[code]"C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\gftted.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winnokmej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winvcmuej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winreqsbj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\fgmpfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nwupp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winppcbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\winuekl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\wincxtxf.exe:*:Enabled:ipsec"[/code]


A Windows installation disc may be needed to set the system up again.
On an [b]uninfected[/b] computer, download [url="http://www.instalki.pl/programy/download/Windows/antywirusy/Dr.Web_LiveCD.html"][color="#0000FF"][b]DrWebLiveCd[/b][/color][/url] and burn it to a disc.
Insert the disc into the infected computer; assuming you have already set the BIOS to boot from CD/DVD, the scanner should start after a restart.
Run a full scan, cure whatever can be cured, and delete the rest.
Repeat the scan until the scanner finds nothing.
If the system does not boot after the removal, insert the Windows disc and perform a [url=http://www.searchengines.pl/index.php?showtopic=24500&view=findpost&p=109540]repair installation of Windows[/url].
After the repair installation, if you had to do one, [b]turn System Restore off and back on[/b] on all drives. Instructions for [url=http://support.microsoft.com/kb/310405/pl][b]XP[/b][/url] or [url=http://windowshelp.microsoft.com/Windows/pl-PL/Help/517d3b8e-3379-46c1-b479-05b30d6fb3f01045.mspx][b]Vista[/b][/url].
Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url].
If the scanner finds nothing, post a log from [url=http://forum.dobreprogramy.pl/post1170959.html#p1170959][b]Combofix[/b][/url] to be sure, and turn off again the System Restore that Combofix turned on.
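
The two checks used in the reply above, written out as a triage script. This is an added example, not part of the original posts and not code from RSIT or OTL: the regular expressions and the three heuristics (running driver with empty [] file metadata, file name differing from the service name, enabled firewall exception for an executable under a Temp directory) are assumptions made for illustration, and they surface candidates for review rather than verdicts. The sample lines are copied from the logs on this page, except the Firefox firewall entry, which is constructed.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the logs on this page; the Firefox entry is constructed.
RSIT_DRIVERS = r"""
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hhoigi.sys []
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
"""
FIREWALL_LIST = r'''
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\xqrgr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe"="C:\DOCUME~1\Zurek\USTAWI~1\Temp\nodor.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
'''

# <state><start> <service>;<display>; [\??\]<path> [<date size>]
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (?:\\\?\?\\)?(.+?) \[(.*)\]$")
# "<path>"="<path>:<scope>:<Enabled|Disabled>:<rule name>"
FW_RE = re.compile(r'^"([^"]+)"="(.+):([^:]*):(Enabled|Disabled):([^:"]*)"$')

def suspicious_drivers(text):
    """Return (service, path, reasons) for running drivers with empty file metadata."""
    hits = []
    for line in text.strip().splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        state, _start, name, _display, path, meta = m.groups()
        if state != "R" or meta:
            continue  # stopped, or the tool could read the file's date and size
        reasons = ["running, file metadata empty"]
        if splitext(basename(path))[0].lower() != name.lower():
            reasons.append("file name differs from service name")
        hits.append((name, path, reasons))
    return hits

def temp_firewall_exceptions(text):
    """Return (path, rule name) for enabled exceptions pointing into a Temp directory."""
    hits = []
    for line in text.strip().splitlines():
        m = FW_RE.match(line.strip())
        if m and m.group(4) == "Enabled" and re.search(r"\\te?mp\\", m.group(1), re.I):
            hits.append((m.group(1), m.group(5)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_drivers(RSIT_DRIVERS) + temp_firewall_exceptions(FIREWALL_LIST):
        print(hit)
```

On the sample, PCANDIS5 is reported with one reason and abp470n5 with two, which is why the name mismatch is kept as a separate signal for ranking.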
