x-kom hosting

Zamiast wygasząjącego się ekranu pojawia się strona Qooqle

wojtax2
utworzono
utworzono

Witam
Problem: Qooqle
Od paru dni zamiast normalnej strony startowej pojawia mi się TO "Qooqle" (problem identyczny jak kolega TrollPL)

Logi OTL i RSIT:


[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Wojtas at 2011-06-20 14:14:11
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive I: has 40 GB (74%) free of 54 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:17, on 2011-06-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Nero\Update\NASvc.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I:\Program Files\Common Files\Java\Java Update\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
I:\Program Files\DAEMON Tools Lite\DTLite.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\Documents and Settings\All Users\jushed.exe
J:\Mozilla Download\OTL.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Mozilla Firefox\plugin-container.exe
I:\WINDOWS\explorer.exe
J:\Mozilla Download\RSIT.exe
I:\Program Files\trend micro\Wojtas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] I:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] I:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu 10] "I:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [Pando Media Booster] I:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [jushed] I:\Documents and Settings\All Users\jushed.exe
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Dodaj do blokowanych banerów - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: @I:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - I:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7849 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - I:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - I:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2011-03-25 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - I:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - I:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=I:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=I:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVP"=I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2011-03-25 311680]
"PWRISOVM.EXE"=I:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=I:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2010-10-19 13851752]
"NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2010-10-19 110696]
"nwiz"=I:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
"Adobe ARM"=I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"amd_dc_opt"=I:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe [2008-05-22 40448]
"Gadu-Gadu 10"=I:\Program Files\Gadu-Gadu 10\gg.exe [2011-05-05 13345376]
"Pando Media Booster"=I:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-03-25 2937528]
"DAEMON Tools Lite"=I:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"AlcoholAutomount"=I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"jushed"=I:\Documents and Settings\All Users\jushed.exe [2011-05-21 566784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
I:\WINDOWS\system32\Ati2evxx.dll [2009-11-24 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
I:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2008-05-22 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoSMHelp"=1
"NoSMConfigurePrograms"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoResolveTrack"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\Program Files\Pando Networks\Media Booster\PMB.exe"="I:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"I:\Program Files\uTorrent\uTorrent.exe"="I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"K:\Gta\Grand Theft Auto IV\LaunchGTAIV.exe"="K:\Gta\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"K:\Bohemia Interactive\ArmA 2 REINFORCEMENTS\arma2RFT.exe"="K:\Bohemia Interactive\ArmA 2 REINFORCEMENTS\arma2RFT.exe:*:Enabled:ArmA 2 Operation Arrowhead"
"I:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="I:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"K:\Symulator Farmy 2011\FarmingSimulator2011.exe"="K:\Symulator Farmy 2011\FarmingSimulator2011.exe:*:Enabled:Symulator Farmy 2011"
"K:\Symulator Farmy 2011\game.exe"="K:\Symulator Farmy 2011\game.exe:*:Enabled:Symulator Farmy 2011"
"K:\Dirt 3\dirt3_game.exe"="K:\Dirt 3\dirt3_game.exe:*:Enabled:DiRT 3"
"K:\Operation Flashpoint\RedRiver.exe"="K:\Operation Flashpoint\RedRiver.exe:*:Enabled:Operation Flashpoint ®: Red River"
"K:\Operation Flashpoint\RedRiverLauncher.exe"="K:\Operation Flashpoint\RedRiverLauncher.exe:*:Enabled:Operation Flashpoint ®: Red River"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-06-20 14:14:12 ----D---- I:\Program Files\trend micro
2011-06-20 14:14:11 ----D---- I:\rsit
2011-06-20 13:58:37 ----D---- I:\Program Files\WebKeySoft
2011-06-20 00:43:49 ----A---- I:\WINDOWS\system32\drivers\AmdLLD.sys
2011-06-20 00:43:47 ----D---- I:\Program Files\AMD
2011-06-18 10:09:50 ----D---- I:\Program Files\Common Files\Adobe
2011-06-18 10:09:50 ----D---- I:\Program Files\Adobe
2011-06-05 22:45:20 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\DailyMagic
2011-06-02 21:39:49 ----A---- I:\WINDOWS\system32\drivers\atksgt.sys
2011-06-02 21:39:48 ----A---- I:\WINDOWS\system32\drivers\lirsgt.sys
2011-05-28 10:00:19 ----SHD---- I:\Documents and Settings\All Users\Dane aplikacji\DSS
2011-05-28 10:00:18 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2011-05-28 09:57:45 ----A---- I:\WINDOWS\system32\rapture3d_oal.dll
2011-05-28 09:57:45 ----A---- I:\WINDOWS\system32\mkl_blueripple.dll
2011-05-28 09:57:44 ----D---- I:\Program Files\BRS
2011-05-27 22:39:19 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\Elephant Games
2011-05-27 22:39:19 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
2011-05-26 20:15:12 ----D---- I:\Program Files\Iceberg Interactive
2011-05-25 21:23:21 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\Vast Studios

======List of files/folders modified in the last 1 months======

2011-06-20 14:14:12 ----RD---- I:\Program Files
2011-06-20 14:14:12 ----D---- I:\WINDOWS\Temp
2011-06-20 14:01:43 ----SHD---- I:\WINDOWS\Installer
2011-06-20 13:31:32 ----D---- I:\WINDOWS\system32
2011-06-20 13:31:32 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 13:27:33 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2011-06-20 12:07:15 ----A---- I:\WINDOWS\SchedLgU.Txt
2011-06-20 06:34:39 ----D---- I:\WINDOWS
2011-06-20 00:43:51 ----HD---- I:\WINDOWS\inf
2011-06-20 00:43:51 ----D---- I:\WINDOWS\system32\drivers
2011-06-20 00:40:33 ----D---- I:\WINDOWS\system32\DirectX
2011-06-20 00:40:08 ----RSD---- I:\WINDOWS\assembly
2011-06-20 00:39:56 ----D---- I:\WINDOWS\system32\CatRoot2
2011-06-20 00:39:48 ----D---- I:\WINDOWS\Prefetch
2011-06-20 00:39:41 ----D---- I:\WINDOWS\Logs
2011-06-20 00:25:34 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\teamspeak2
2011-06-20 00:16:42 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\AIMP
2011-06-19 09:41:24 ----D---- I:\Program Files\Mozilla Firefox
2011-06-18 10:24:00 ----RSD---- I:\WINDOWS\Fonts
2011-06-18 10:09:53 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\Adobe
2011-06-18 10:09:50 ----D---- I:\Program Files\Common Files
2011-06-16 22:46:31 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\uTorrent
2011-06-16 17:59:22 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2011-06-15 23:46:05 ----AD---- I:\Documents and Settings\All Users\Dane aplikacji\TEMP
2011-06-12 21:44:53 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\TS3Client
2011-06-12 20:55:43 ----D---- I:\Program Files\Xfire
2011-06-09 16:53:09 ----D---- I:\Program Files\TeamSpeak 3 Client
2011-06-05 22:56:12 ----D---- I:\Documents and Settings\Wojtas\Dane aplikacji\PriceGong
2011-06-05 22:53:04 ----D---- I:\Program Files\TeamViewer
2011-06-05 22:49:51 ----HD---- I:\Program Files\InstallShield Installation Information
2011-06-05 22:48:16 ----D---- I:\Program Files\Hotspot Shield
2011-06-05 22:48:04 ----D---- I:\Hotspot Shield
2011-06-04 20:55:09 ----D---- I:\Program Files\Microsoft Games for Windows - LIVE
2011-06-04 20:54:52 ----D---- I:\Program Files\Common Files\Microsoft Shared
2011-06-04 20:53:42 ----D---- I:\WINDOWS\WinSxS
2011-06-03 15:49:48 ----D---- I:\Program Files\uTorrentBar
2011-06-03 15:49:45 ----D---- I:\Program Files\ConduitEngine
2011-05-29 13:15:10 ----D---- I:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
2011-05-28 20:35:32 ----D---- I:\Program Files\Shockwave.com
2011-05-28 09:57:30 ----A---- I:\WINDOWS\system32\wrap_oal.dll
2011-05-28 09:57:30 ----A---- I:\WINDOWS\system32\OpenAL32.dll
2011-05-28 09:35:45 ----SD---- I:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2011-05-26 20:20:27 ----D---- I:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ftsata2;ftsata2; I:\WINDOWS\system32\drivers\ftsata2.sys [2008-05-20 175104]
R0 kl1;Kl1; I:\WINDOWS\system32\drivers\kl1.sys [2009-06-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver; I:\WINDOWS\system32\drivers\klbg.sys [2008-12-15 33808]
R0 ohci1394;Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI; I:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; I:\WINDOWS\System32\Drivers\sptd.sys [2011-04-29 436792]
R1 AmdK8;AMD Processor Driver; I:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; I:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-26 218688]
R1 KLIF;Kaspersky Lab Driver; I:\WINDOWS\system32\DRIVERS\klif.sys [2011-03-25 296976]
R1 SCDEmu;SCDEmu; I:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\I:\Program Files\System\CPL Bonus\Vcdrom.sys []
R2 atksgt;atksgt; I:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-06-02 278984]
R2 lirsgt;lirsgt; I:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-06-02 25416]
R3 AmdLLD;AMD Low Level Device Driver; I:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokół klienta 1394 ARP; I:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-22 60800]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; I:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Sterownik Microsoft klasy HID; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; I:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; I:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Sterownik myszy HID; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-22 12160]
R3 NIC1394;Sterownik sieci 1394; I:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-22 61824]
R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-19 9624096]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; I:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; I:\WINDOWS\system32\drivers\nvhda32.sys [2010-09-07 100712]
R3 nvnetbus;NVIDIA Network Bus Enumerator; I:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 usbstor;Sterownik magazynu masowego USB; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 kbdhid;Sterownik klawiatury HID; I:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 arn0eiwv;arn0eiwv; I:\WINDOWS\system32\drivers\arn0eiwv.sys []
S3 ati2mtag;ati2mtag; I:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-24 4463104]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; I:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-11-18 95232]
S3 cpuz130;cpuz130; \??\I:\DOCUME~1\Wojtas\USTAWI~1\Temp\cpuz130\cpuz_x32.sys []
S3 EagleXNt;EagleXNt; \??\I:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 ENTECH;ENTECH; \??\I:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\I:\WINDOWS\gdrv.sys []
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver.sys []
S3 taphss;Anchorfree HSS Adapter; I:\WINDOWS\system32\DRIVERS\taphss.sys [2011-04-15 32768]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; I:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-22 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-22 82944]
S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2011-03-25 311680]
R2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\jre6\bin\jqs.exe [2011-04-14 153376]
R2 NAUpdate;@I:\Program Files\Nero\Update\NASvc.exe,-200; I:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2010-10-19 156776]
R2 StarWindServiceAE;StarWind AE Service; I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 Ati HotKey Poller;Ati HotKey Poller; I:\WINDOWS\system32\Ati2evxx.exe [2009-11-24 602112]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; I:\Program Files\Windows Media Player\wmpnetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
[/log]
[log]OTL Extras logfile created on: 2011-06-20 14:08:38 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = J:\Mozilla Download
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,40% Memory free
3,84 Gb Paging File | 3,29 Gb Available in Paging File | 85,64% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 52,60 Gb Total Space | 38,67 Gb Free Space | 73,52% Space Free | Partition Type: NTFS
Drive J: | 439,45 Gb Total Space | 268,34 Gb Free Space | 61,06% Space Free | Partition Type: NTFS
Drive K: | 439,45 Gb Total Space | 356,67 Gb Free Space | 81,16% Space Free | Partition Type: NTFS

Computer Name: VVOJTAS | User Name: Wojtas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58003:TCP" = 58003:TCP:*:Enabled:Pando Media Booster
"58003:UDP" = 58003:UDP:*:Enabled:Pando Media Booster

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Pando Networks\Media Booster\PMB.exe" = I:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"I:\Program Files\uTorrent\uTorrent.exe" = I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"K:\Gta\Grand Theft Auto IV\LaunchGTAIV.exe" = K:\Gta\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"K:\Bohemia Interactive\ArmA 2 REINFORCEMENTS\arma2RFT.exe" = K:\Bohemia Interactive\ArmA 2 REINFORCEMENTS\arma2RFT.exe:*:Enabled:ArmA 2 Operation Arrowhead -- (Bohemia Interactive)
"I:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = I:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"K:\Symulator Farmy 2011\FarmingSimulator2011.exe" = K:\Symulator Farmy 2011\FarmingSimulator2011.exe:*:Enabled:Symulator Farmy 2011 -- (GIANTS Software GmbH)
"K:\Symulator Farmy 2011\game.exe" = K:\Symulator Farmy 2011\game.exe:*:Enabled:Symulator Farmy 2011 -- (GIANTS Software GmbH)
"K:\Dirt 3\dirt3_game.exe" = K:\Dirt 3\dirt3_game.exe:*:Enabled:DiRT 3 -- (Codemasters Software Company Limited)
"K:\Operation Flashpoint\RedRiver.exe" = K:\Operation Flashpoint\RedRiver.exe:*:Enabled:Operation Flashpoint ®: Red River -- (Codemasters Software Company Limited)
"K:\Operation Flashpoint\RedRiverLauncher.exe" = K:\Operation Flashpoint\RedRiverLauncher.exe:*:Enabled:Operation Flashpoint ®: Red River -- (Sony DADC Austria AG)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0743122B-5C12-4F99-A92F-9DCDBF7EE221}" = WebKeySoft Process Manager 2 Lite
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{49FC50FC-F965-40D9-89B4-CBFF80941PLK}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 261.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 261.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Afterburner" = MSI Afterburner 2.0.0
"AIMP2" = AIMP2
"ARMA 2 REINFORCEMENTS" = ARMA 2 REINFORCEMENTS Uninstall
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"CPLBonus" = Kels' CPL Bonus Pack!
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Darkness Within 2: The Dark Lineage_is1" = Darkness Within 2: The Dark Lineage
"Driver Magician_is1" = Driver Magician 3.28
"DriveSpace" = Drive Space Indicator
"Duke Nukem Forever_is1" = Duke Nukem Forever
"FarmingSimulator2011PL_is1" = Symulator Farmy 2011
"Fishdom™ 2" = Fishdom™ 2
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameSpy Arcade" = GameSpy Arcade
"German Truck Simulator" = German Truck Simulator 1.02
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GMailFS" = GMail Drive Shell Extension
"Hexus1.0.0" = Hexus
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"Lost Chronicles Fall of Caesar 1.00" = Lost Chronicles Fall of Caesar 1.00
"Magical Mysteries Path of the Sorceress 1.00" = Magical Mysteries Path of the Sorceress 1.00
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Native Instruments Traktor DJ Mixer v1.0" = Native Instruments Traktor DJ Mixer v1.0
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"SubEdit-Player_is1" = SubEdit-Player
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VisualTaskTips" = Visual Task Tips 2.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Woodville Chronicles 1.00" = Woodville Chronicles 1.00
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Polish Leauge Patch 11 beta" = Polish Leauge Patch 11 beta
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-19 17:24:53 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3011
Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl
(WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data).

Error - 2011-06-20 00:38:33 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 00:38:33 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 00:38:33 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3011
Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl
(WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data).

Error - 2011-06-20 04:42:55 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 04:42:55 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 04:42:55 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3011
Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl
(WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data).

Error - 2011-06-20 07:31:29 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 07:31:29 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2011-06-20 07:31:29 | Computer Name = VVOJTAS | Source = LoadPerf | ID = 3011
Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl
(WmiApRpl). Kod błędu to pierwszy wpis DWORD w sekcji danych (Data).

[ System Events ]
Error - 2011-04-23 18:35:40 | Computer Name = VVOJTAS | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 001A4DF67D37
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-04-25 13:49:22 | Computer Name = VVOJTAS | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 001A4DF67D37
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-04-25 20:34:57 | Computer Name = VVOJTAS | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla Type nie powiodło się i wystąpił następujący
błąd: %%5.

Error - 2011-04-25 20:43:55 | Computer Name = VVOJTAS | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 10.14.40.23 dla karty sieciowej o adresie 00FFF98AFE1E
został zabroniony przez serwer DHCP 10.89.31.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-04-25 21:00:41 | Computer Name = VVOJTAS | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 10.89.24.19 dla karty sieciowej o adresie 00FFF98AFE1E
został zabroniony przez serwer DHCP 10.5.71.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-04-25 21:06:51 | Computer Name = VVOJTAS | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 10.5.64.21 dla karty sieciowej o adresie 00FFF98AFE1E
został zabroniony przez serwer DHCP 10.25.31.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-04-26 16:57:03 | Computer Name = VVOJTAS | Source = SideBySide | ID = 16842810
Description = Błąd składniowy w pliku manifestu lub w pliku zasad "I:\Program Files\Outlook
Express\msimn.exe" w wierszu 0.

Error - 2011-04-26 16:57:03 | Computer Name = VVOJTAS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla I:\Program Files\Outlook
Express\msimn.exe. Odpowiedni komunikat o błędzie: Operacja ukończona pomyślnie.
.


< End of report >
[/log]
[log]OTL logfile created on: 2011-06-20 14:08:38 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = J:\Mozilla Download
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,40% Memory free
3,84 Gb Paging File | 3,29 Gb Available in Paging File | 85,64% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 52,60 Gb Total Space | 38,67 Gb Free Space | 73,52% Space Free | Partition Type: NTFS
Drive J: | 439,45 Gb Total Space | 268,34 Gb Free Space | 61,06% Space Free | Partition Type: NTFS
Drive K: | 439,45 Gb Total Space | 356,67 Gb Free Space | 81,16% Space Free | Partition Type: NTFS

Computer Name: VVOJTAS | User Name: Wojtas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-10 11:04:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Mozilla Download\OTL.exe
PRC - [2011-05-21 19:17:57 | 000,566,784 | RHS- | M] ( ) -- I:\Documents and Settings\All Users\jushed.exe
PRC - [2011-05-05 14:44:38 | 013,345,376 | ---- | M] (GG Network S.A.) -- I:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2011-04-21 01:36:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-04-21 01:36:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-14 05:08:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- I:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011-01-07 13:12:22 | 000,253,672 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-10-19 01:30:22 | 000,156,776 | ---- | M] (NVIDIA Corporation) -- I:\WINDOWS\system32\nvsvc32.exe
PRC - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- I:\Program Files\Nero\Update\NASvc.exe
PRC - [2010-04-12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- I:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-08-18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-05-22 17:11:08 | 001,503,232 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2008-05-22 17:10:06 | 000,040,448 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\ctfmon.exe
PRC - [2008-05-19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\msiexec.exe
PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\csrss.exe
PRC - [2007-09-05 12:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
PRC - [2007-06-13 08:49:22 | 016,377,344 | R--- | M] (Realtek Semiconductor Corp.) -- I:\WINDOWS\RTHDCPL.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-10 11:04:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Mozilla Download\OTL.exe
MOD - [2008-05-22 17:18:56 | 000,487,424 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\user32.dll
MOD - [2008-05-22 17:17:58 | 000,078,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\srclient.dll
MOD - [2008-05-22 17:17:33 | 000,499,200 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\shlwapi.dll
MOD - [2008-05-22 17:17:22 | 016,057,344 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\shell32.dll
MOD - [2008-05-22 17:16:33 | 002,589,184 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\setupapi.dll
MOD - [2008-05-22 17:09:38 | 001,526,784 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\comres.dll
MOD - [2008-05-22 17:09:26 | 000,333,824 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\comdlg32.dll
MOD - [2008-05-22 14:45:02 | 000,219,648 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\userenv.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 22:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007-09-05 12:20:04 | 000,007,680 | ---- | M] () -- I:\Program Files\Utilities\VisualTaskTips\VttHooks.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-03-25 19:17:14 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- I:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-06-02 21:39:49 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-06-02 21:39:48 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-04-29 19:57:51 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- I:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-04-15 01:18:08 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011-03-26 02:20:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-03-25 18:59:32 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- I:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-25 17:21:21 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-09-07 22:08:58 | 000,100,712 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010-04-12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-11-24 16:50:16 | 004,463,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-11-18 12:24:26 | 000,095,232 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-06-15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- I:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009-05-16 21:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-05-13 18:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008-12-15 21:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- I:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008-05-20 15:11:10 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007-06-28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-06-14 10:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-06-19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-12-19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- I:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011-06-02 20:55:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011-04-21 01:36:29 | 000,066,520 | ---- | M] (mozilla.org)
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-03-25 18:59:50 | 000,000,000 | ---D | M]

[2011-05-05 15:05:30 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Extensions
[2011-06-19 09:31:22 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\extensions
[2011-05-27 12:30:21 | 000,000,000 | ---D | M] (DownloadHelper) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-21 16:12:42 | 000,000,863 | ---- | M] () -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\searchplugins\conduit.xml
[2011-03-26 02:19:54 | 000,002,059 | ---- | M] () -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\searchplugins\daemon-search.xml
[2011-06-19 09:31:22 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2011-04-29 14:50:11 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-29 20:22:40 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-05-05 02:11:07 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011-03-25 19:00:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- I:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-04-29 14:49:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-21 01:10:05 | 000,002,767 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-04-21 01:10:05 | 000,001,406 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-04-21 01:10:05 | 000,000,917 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-04-21 01:10:05 | 000,000,858 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-04-21 01:10:05 | 000,001,183 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-04-21 01:10:05 | 000,001,683 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-08-23 14:00:00 | 000,000,742 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] I:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] I:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] I:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\.DEFAULT..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKU\S-1-5-18..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKU\S-1-5-20..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [AlcoholAutomount] I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [DAEMON Tools Lite] I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [Gadu-Gadu 10] I:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [jushed] I:\Documents and Settings\All Users\jushed.exe ( )
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [Pando Media Booster] I:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - I:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Dodaj do blokowanych banerów - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKU\.DEFAULT\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-220523388-1801674531-1001\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - I:\WINDOWS\system32\klogon.dll - I:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-11 14:24:48 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c4078676-573e-11e0-85a5-001a4df67d37}\Shell - "" = AutoRun
O33 - MountPoints2\{c4078676-573e-11e0-85a5-001a4df67d37}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011-06-11 14:24:48 | 000,530,669 | R--- | M] (2K Games )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-20 13:58:37 | 000,000,000 | ---D | C] -- I:\Program Files\WebKeySoft
[2011-06-20 13:58:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\WebKeySoft
[2011-06-20 12:07:08 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Wojtas\Recent
[2011-06-20 00:47:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Duke Nukem Forever
[2011-06-20 00:43:49 | 000,034,304 | ---- | C] (AMD, Inc.) -- I:\WINDOWS\System32\drivers\AmdLLD.sys
[2011-06-20 00:43:47 | 000,000,000 | ---D | C] -- I:\Program Files\AMD
[2011-06-20 00:43:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
[2011-06-20 00:33:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\2K Games
[2011-06-18 11:45:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Pulpit\Ryby
[2011-06-18 10:23:59 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\Virtual DJ
[2011-06-18 10:23:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\VirtualDJ
[2011-06-18 10:23:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\Native Instruments Traktor DJ Mixer
[2011-06-18 10:09:50 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Adobe
[2011-06-18 10:09:50 | 000,000,000 | ---D | C] -- I:\Program Files\Adobe
[2011-06-05 22:45:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\DailyMagic
[2011-06-04 20:55:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Games for Windows Marketplace
[2011-05-29 18:57:56 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy
[2011-05-28 10:00:19 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\All Users\Dane aplikacji\DSS
[2011-05-28 10:00:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2011-05-28 10:00:13 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dokumenty\microsoft
[2011-05-28 09:57:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Blue Ripple Sound
[2011-05-28 09:57:45 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- I:\WINDOWS\System32\rapture3d_oal.dll
[2011-05-28 09:57:44 | 000,000,000 | ---D | C] -- I:\Program Files\BRS
[2011-05-28 09:39:49 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Codemasters
[2011-05-27 22:39:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Elephant Games
[2011-05-27 22:39:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2011-05-27 13:17:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\My Cheat Tables
[2011-05-26 20:19:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Iceberg Interactive
[2011-05-26 20:15:12 | 000,000,000 | ---D | C] -- I:\Program Files\Iceberg Interactive
[2011-05-25 21:23:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Vast Studios
[2011-05-25 21:22:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar
[2011-05-21 21:08:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\The Witcher 2
[2011-05-21 20:22:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\The Witcher 2
[2011-05-21 19:17:57 | 007,987,953 | ---- | C] (CCCP Project ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
[2011-05-21 19:17:57 | 000,566,784 | RHS- | C] ( ) -- I:\Documents and Settings\All Users\jushed.exe
[2011-05-21 19:17:57 | 000,566,784 | ---- | C] ( ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
[2011-05-21 19:17:57 | 000,347,136 | RHS- | C] (NirSoft) -- I:\Documents and Settings\All Users\nircmd.exe
[2011-05-21 19:17:57 | 000,347,136 | ---- | C] (NirSoft) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe
[2011-05-21 14:25:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Witcher 2
[2011-05-21 14:25:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\The Witcher 2
[2011-05-20 20:20:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\German Truck Simulator
[2011-05-20 20:19:55 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\German Truck Simulator
[2011-05-15 19:22:44 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Techland
[2011-05-15 19:02:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\DreamWorks
[2011-05-15 13:29:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\GameSpy Arcade
[2011-05-15 13:29:25 | 000,000,000 | ---D | C] -- I:\Program Files\GameSpy Arcade
[2011-05-15 12:52:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Ubisoft Game Launcher
[2011-05-15 12:26:30 | 000,000,000 | ---D | C] -- I:\Program Files\Ubisoft
[2011-05-14 19:59:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\ERS Game Studios
[2011-05-08 21:21:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\dj3
[2011-05-08 19:45:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\AlderGames
[2011-05-08 17:32:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\PlayFirst
[2011-05-08 17:32:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2011-05-08 14:09:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\BlackLegend D3D
[2011-05-07 10:33:04 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Vogat Interactive
[2011-05-06 10:14:59 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Funswitch
[2011-05-06 10:13:23 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\The Secrets Of Hildegard
[2011-05-05 15:05:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox
[2011-05-05 02:02:30 | 000,000,000 | ---D | C] -- I:\Program Files\CCleaner
[2011-05-04 20:22:54 | 000,000,000 | ---D | C] -- I:\Program Files\FunWebProducts
[2011-05-04 20:06:58 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- I:\WINDOWS\System32\HMIPCore.dll
[2011-04-29 20:06:31 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\PowerISO
[2011-04-29 20:06:30 | 000,000,000 | ---D | C] -- I:\Program Files\PowerISO
[2011-04-29 20:02:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Alcohol 120%
[2011-04-29 20:00:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Alcohol 120%
[2011-04-29 20:00:41 | 000,000,000 | ---D | C] -- I:\Program Files\Alcohol Soft
[2011-04-29 17:35:51 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
[2011-04-29 14:51:27 | 000,000,000 | ---D | C] -- I:\Program Files\SystemRequirementsLab
[2011-04-29 14:51:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\SystemRequirementsLab
[2011-04-29 14:51:18 | 000,000,000 | ---D | C] -- I:\WINDOWS\Sun
[2011-04-29 14:51:04 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\Sun
[2011-04-26 13:55:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\My Logo Design Studio Trial Projects
[2011-04-26 13:55:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\My Logo Design Studio Projects
[2011-04-26 13:55:08 | 000,000,000 | ---D | C] -- I:\Program Files\Summitsoft
[2011-04-26 13:55:08 | 000,000,000 | ---D | C] -- I:\WINDOWS\Logo Design Studio
[2011-04-26 02:34:36 | 000,000,000 | ---D | C] -- I:\Hotspot Shield
[2011-04-26 02:34:31 | 000,000,000 | ---D | C] -- I:\Program Files\Hotspot Shield
[2011-04-26 01:01:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Xfire
[2011-04-26 01:01:04 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Xfire
[2011-04-26 01:01:02 | 000,000,000 | ---D | C] -- I:\Program Files\Xfire
[2011-04-25 23:53:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\TeamViewer
[2011-04-25 23:52:59 | 000,000,000 | ---D | C] -- I:\Program Files\TeamViewer
[2011-04-22 16:46:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\.gstreamer-0.10
[2011-04-22 16:45:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\OpenFM
[2011-04-22 16:45:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- I:\WINDOWS\System32\drvc.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-20 14:01:43 | 000,002,595 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\WebKeySoft Process Manager 2 Lite.lnk
[2011-06-20 13:31:32 | 000,615,452 | ---- | M] () -- I:\WINDOWS\System32\perfh015.dat
[2011-06-20 13:31:32 | 000,518,180 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011-06-20 13:31:32 | 000,145,192 | ---- | M] () -- I:\WINDOWS\System32\perfc015.dat
[2011-06-20 13:31:32 | 000,115,542 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011-06-20 13:27:33 | 000,000,002 | ---- | M] () -- I:\Documents and Settings\All Users\timerxfile
[2011-06-20 13:27:33 | 000,000,002 | ---- | M] () -- I:\Documents and Settings\All Users\datesavefile
[2011-06-20 13:27:33 | 000,000,001 | ---- | M] () -- I:\Documents and Settings\All Users\varsavefile
[2011-06-20 13:27:11 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011-06-20 00:33:51 | 000,000,703 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Duke Nukem Forever.lnk
[2011-06-19 13:13:31 | 000,000,462 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\PLP 11 Center.lnk
[2011-06-19 12:44:23 | 000,002,465 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Nero BurnLite 10.lnk
[2011-06-18 14:26:53 | 000,095,072 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-18 10:23:59 | 000,000,499 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Virtual DJ.lnk
[2011-06-05 23:16:14 | 000,000,966 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\DarkDimensions_CityOfFog.exe.lnk
[2011-06-04 20:53:25 | 000,001,503 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Operation Flashpoint ® Red River.lnk
[2011-06-02 21:39:49 | 000,278,984 | ---- | M] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2011-06-02 21:39:48 | 000,025,416 | ---- | M] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2011-06-02 14:28:53 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011-06-02 11:38:54 | 000,000,627 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Royal_Envoy.exe.lnk
[2011-05-30 18:14:31 | 000,000,431 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy.lnk
[2011-05-28 09:57:30 | 000,444,952 | ---- | M] (Creative Labs) -- I:\WINDOWS\System32\wrap_oal.dll
[2011-05-28 09:56:56 | 000,001,374 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\DiRT 3.lnk
[2011-05-27 22:40:12 | 000,000,879 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\MysteryTrackers_Raincliff_CE.exe.lnk
[2011-05-26 20:19:28 | 000,000,975 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Darkness Within 2.lnk
[2011-05-25 21:23:03 | 000,001,861 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar.lnk
[2011-05-23 16:22:10 | 000,115,369 | ---- | M] () -- I:\WINDOWS\System32\drivers\klin.dat
[2011-05-22 15:16:42 | 000,000,492 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Launcher.lnk
[2011-05-21 20:36:20 | 007,987,953 | ---- | M] (CCCP Project ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
[2011-05-21 20:36:20 | 000,566,784 | ---- | M] ( ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
[2011-05-21 20:36:20 | 000,347,136 | RHS- | M] (NirSoft) -- I:\Documents and Settings\All Users\nircmd.exe
[2011-05-21 20:36:20 | 000,347,136 | ---- | M] (NirSoft) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe
[2011-05-21 20:36:20 | 000,004,768 | ---- | M] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\operaprefs.ini
[2011-05-21 20:36:20 | 000,004,768 | ---- | M] () -- I:\Documents and Settings\All Users\operaprefs.ini
[2011-05-21 19:17:57 | 000,566,784 | RHS- | M] ( ) -- I:\Documents and Settings\All Users\jushed.exe
[2011-05-20 20:19:55 | 000,000,920 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\German Truck Simulator.lnk
[2011-05-20 16:20:17 | 000,240,592 | ---- | M] () -- I:\WINDOWS\System32\nvdrsdb0.bin
[2011-05-20 16:20:17 | 000,000,001 | ---- | M] () -- I:\WINDOWS\System32\nvdrssel.bin
[2011-05-20 16:20:14 | 000,240,592 | ---- | M] () -- I:\WINDOWS\System32\nvdrsdb1.bin
[2011-05-20 16:20:14 | 000,000,000 | ---- | M] () -- I:\WINDOWS\System32\nvdrswr.lk
[2011-05-15 19:22:44 | 000,000,625 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Symulator Farmy 2011 .lnk
[2011-05-15 12:22:34 | 000,000,210 | ---- | M] () -- I:\WINDOWS\System32\spupdsvc.inf
[2011-05-14 18:21:50 | 000,000,916 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Magical Mysteries Path of the Sorceress.lnk
[2011-05-13 20:43:26 | 000,000,632 | ---- | M] () -- I:\WINDOWS\Thps3.INI
[2011-05-09 17:01:39 | 005,760,054 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\DreamChronicles5 wllppr_05.bmp
[2011-05-08 14:13:58 | 000,786,416 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\14.9 Pub..zip
[2011-05-08 14:13:27 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\Wojtas\14.9 Pub..zip
[2011-05-08 14:08:44 | 003,237,961 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\BlackLegend D3D.rar
[2011-05-08 14:07:22 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\Wojtas\BlackLegend D3D.rar
[2011-05-07 18:07:23 | 000,000,754 | ---- | M] () -- I:\WINDOWS\WORDPAD.INI
[2011-05-07 09:38:26 | 000,736,256 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Pub.dll
[2011-05-05 15:05:24 | 000,001,611 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-05-05 02:02:36 | 000,000,691 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2011-05-04 20:27:57 | 000,000,167 | ---- | M] () -- I:\WINDOWS\wininit.ini
[2011-05-02 13:31:49 | 000,001,984 | ---- | M] () -- I:\WINDOWS\System32\d3d9caps.dat
[2011-04-29 20:05:22 | 000,000,247 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\ax_files.xml
[2011-04-26 01:28:48 | 000,000,647 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Xfire.lnk
[2011-04-24 18:20:00 | 003,340,238 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Siro's pub 8.6.zip
[2011-04-24 18:18:48 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\Wojtas\Siro's pub 8.6.zip
[2011-04-22 21:59:00 | 000,461,750 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\S6300245.JPG
[2011-04-22 21:56:49 | 000,065,064 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\nikaa.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-20 13:58:37 | 000,002,595 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\WebKeySoft Process Manager 2 Lite.lnk
[2011-06-20 00:33:51 | 000,000,703 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Duke Nukem Forever.lnk
[2011-06-19 13:13:31 | 000,000,462 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\PLP 11 Center.lnk
[2011-06-18 10:23:59 | 000,000,499 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Virtual DJ.lnk
[2011-06-18 10:09:56 | 000,001,804 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2011-06-05 23:16:14 | 000,000,966 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\DarkDimensions_CityOfFog.exe.lnk
[2011-06-04 20:54:53 | 000,001,094 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Start\Programy\Windows Live ID.lnk
[2011-06-04 20:53:25 | 000,001,503 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Operation Flashpoint ® Red River.lnk
[2011-06-02 21:39:49 | 000,278,984 | ---- | C] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2011-06-02 21:39:48 | 000,025,416 | ---- | C] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2011-06-02 11:37:15 | 000,000,627 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Royal_Envoy.exe.lnk
[2011-05-30 18:14:31 | 000,000,431 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy.lnk
[2011-05-28 09:56:56 | 000,001,374 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\DiRT 3.lnk
[2011-05-27 22:40:11 | 000,000,879 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\MysteryTrackers_Raincliff_CE.exe.lnk
[2011-05-26 20:19:28 | 000,000,975 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Darkness Within 2.lnk
[2011-05-25 21:23:03 | 000,001,861 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar.lnk
[2011-05-22 15:16:42 | 000,000,492 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Launcher.lnk
[2011-05-21 19:18:09 | 000,000,002 | ---- | C] () -- I:\Documents and Settings\All Users\timerxfile
[2011-05-21 19:18:09 | 000,000,002 | ---- | C] () -- I:\Documents and Settings\All Users\datesavefile
[2011-05-21 19:18:09 | 000,000,001 | ---- | C] () -- I:\Documents and Settings\All Users\varsavefile
[2011-05-21 19:17:57 | 000,004,768 | ---- | C] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\operaprefs.ini
[2011-05-21 19:17:57 | 000,004,768 | ---- | C] () -- I:\Documents and Settings\All Users\operaprefs.ini
[2011-05-20 20:19:55 | 000,000,920 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\German Truck Simulator.lnk
[2011-05-15 22:23:12 | 000,072,258 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Amber Maiden - Track1.tif
[2011-05-15 22:23:04 | 002,066,691 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Amber Maiden - Track1.wma
[2011-05-15 19:22:44 | 000,000,625 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Symulator Farmy 2011 .lnk
[2011-05-15 12:22:34 | 000,000,210 | ---- | C] () -- I:\WINDOWS\System32\spupdsvc.inf
[2011-05-13 20:38:07 | 000,000,632 | ---- | C] () -- I:\WINDOWS\Thps3.INI
[2011-05-09 17:01:38 | 005,760,054 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\DreamChronicles5 wllppr_05.bmp
[2011-05-08 19:02:49 | 000,000,916 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Magical Mysteries Path of the Sorceress.lnk
[2011-05-08 14:14:37 | 000,736,256 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Pub.dll
[2011-05-08 14:14:37 | 000,201,728 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Pub.exe
[2011-05-08 14:13:32 | 000,786,416 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\14.9 Pub..zip
[2011-05-08 14:13:27 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Wojtas\14.9 Pub..zip
[2011-05-08 14:07:38 | 003,237,961 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\BlackLegend D3D.rar
[2011-05-08 14:07:22 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Wojtas\BlackLegend D3D.rar
[2011-05-07 18:07:23 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI
[2011-05-05 02:02:36 | 000,000,691 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2011-05-04 20:23:58 | 000,000,167 | ---- | C] () -- I:\WINDOWS\wininit.ini
[2011-04-29 20:02:27 | 000,000,247 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\ax_files.xml
[2011-04-26 01:28:48 | 000,000,647 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Xfire.lnk
[2011-04-24 18:18:51 | 003,340,238 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Siro's pub 8.6.zip
[2011-04-24 18:18:48 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Wojtas\Siro's pub 8.6.zip
[2011-04-22 21:57:34 | 000,461,750 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\S6300245.JPG
[2011-04-22 21:56:24 | 000,065,064 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\nikaa.jpg
[2011-04-20 16:17:05 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ativpsrm.bin
[2011-04-20 16:16:44 | 000,887,724 | R--- | C] () -- I:\WINDOWS\System32\ativva6x.dat
[2011-04-20 16:16:44 | 000,196,565 | R--- | C] () -- I:\WINDOWS\System32\atiicdxx.dat
[2011-04-20 16:16:44 | 000,000,003 | R--- | C] () -- I:\WINDOWS\System32\ativva5x.dat
[2011-04-20 11:07:10 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb0.bin
[2011-04-20 11:07:08 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb1.bin
[2011-04-20 11:07:08 | 000,000,001 | ---- | C] () -- I:\WINDOWS\System32\nvdrssel.bin
[2011-04-17 22:15:07 | 000,178,176 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[2011-04-17 21:57:54 | 000,041,872 | ---- | C] () -- I:\WINDOWS\System32\xfcodec.dll
[2011-04-17 21:45:02 | 000,001,984 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2011-04-15 13:35:56 | 000,003,584 | ---- | C] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- I:\WINDOWS\System32\xlive.dll.cat
[2011-03-26 12:13:28 | 000,002,352 | ---- | C] () -- I:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-03-25 19:08:20 | 000,604,140 | -HS- | C] () -- I:\WINDOWS\System32\drivers\ISwift3.dat
[2011-03-25 19:00:03 | 000,115,369 | ---- | C] () -- I:\WINDOWS\System32\drivers\klin.dat
[2011-03-25 19:00:03 | 000,097,859 | ---- | C] () -- I:\WINDOWS\System32\drivers\klick.dat
[2011-03-25 17:55:50 | 000,001,732 | ---- | C] () -- I:\WINDOWS\System32\drivers\nvphy.bin
[2011-03-25 17:53:59 | 000,004,293 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2011-03-25 17:46:01 | 000,095,072 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-25 17:27:38 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2011-03-25 17:19:59 | 000,049,152 | R--- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2011-03-25 17:04:51 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2011-03-25 17:04:07 | 000,110,602 | ---- | C] () -- I:\WINDOWS\System32\xcdsfx32.bin
[2011-03-25 17:01:25 | 000,021,856 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2011-03-25 17:00:15 | 000,394,752 | ---- | C] () -- I:\WINDOWS\System32\cygwinb19.dll
[2010-10-08 03:11:00 | 002,293,194 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin
[2009-07-03 16:45:12 | 000,027,507 | ---- | C] () -- I:\WINDOWS\System32\drivers\klopp.dat
[2009-02-18 07:55:20 | 000,294,912 | ---- | C] () -- I:\WINDOWS\System32\ATIODE.exe
[2009-02-03 10:52:02 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\ATIODCLI.exe
[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- I:\WINDOWS\System32\libavcodec.dll
[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- I:\WINDOWS\System32\ff_x264.dll
[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- I:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- I:\WINDOWS\System32\ff_theora.dll
[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- I:\WINDOWS\System32\libmplayer.dll
[2008-04-14 23:16:20 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2008-03-06 03:37:26 | 000,000,183 | ---- | C] () -- I:\WINDOWS\System32\oeminfo.ini
[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2006-11-02 17:10:16 | 000,080,912 | ---- | C] () -- I:\WINDOWS\System32\sherlock2.exe
[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- I:\WINDOWS\System32\ff_mpeg2enc.dll
[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2001-08-23 14:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2001-08-23 14:00:00 | 000,615,452 | ---- | C] () -- I:\WINDOWS\System32\perfh015.dat
[2001-08-23 14:00:00 | 000,518,180 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2001-08-23 14:00:00 | 000,313,828 | ---- | C] () -- I:\WINDOWS\System32\perfi015.dat
[2001-08-23 14:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2001-08-23 14:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2001-08-23 14:00:00 | 000,145,192 | ---- | C] () -- I:\WINDOWS\System32\perfc015.dat
[2001-08-23 14:00:00 | 000,115,542 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2001-08-23 14:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2001-08-23 14:00:00 | 000,034,990 | ---- | C] () -- I:\WINDOWS\System32\perfd015.dat
[2001-08-23 14:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-05-28 10:00:18 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2011-03-26 02:19:48 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-05-28 10:00:19 | 000,000,000 | -HSD | M] -- I:\Documents and Settings\All Users\Dane aplikacji\DSS
[2011-04-02 12:08:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2011-04-02 12:08:50 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2011-05-27 22:39:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2011-03-25 18:56:30 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-06-16 17:59:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-05-08 17:32:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2011-05-29 13:15:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Playrix Entertainment
[2011-03-26 18:52:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-04-03 18:40:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Rumbic Studio
[2011-04-02 12:09:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\Solidshield
[2011-06-15 23:46:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-03-25 17:01:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Default User\Dane aplikacji\Xentient
[2011-06-20 00:16:42 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\AIMP
[2011-05-08 19:45:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\AlderGames
[2011-03-26 02:21:07 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\DAEMON Tools Lite
[2011-06-05 22:45:20 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\DailyMagic
[2011-05-27 22:39:19 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Elephant Games
[2011-05-14 19:59:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\ERS Game Studios
[2011-05-06 10:14:59 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Funswitch
[2011-04-30 22:01:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Gadu-Gadu 10
[2011-03-26 20:35:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\GameRanger
[2011-04-04 09:05:10 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\iMaxGen
[2011-03-26 02:33:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Leadertech
[2011-03-25 18:55:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Nowe Gadu-Gadu
[2011-04-22 16:45:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\OpenFM
[2011-05-08 17:32:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\PlayFirst
[2011-04-09 18:36:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Playrix Entertainment
[2011-06-05 22:56:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\PriceGong
[2011-04-26 00:38:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\TeamViewer
[2011-06-12 21:44:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\TS3Client
[2011-06-16 22:46:31 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\uTorrent
[2011-05-25 21:23:21 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Vast Studios
[2011-05-07 10:33:04 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Vogat Interactive
[2011-03-25 17:01:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Xentient

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2011-03-25 17:45:23 | 000,000,210 | -HS- | M] () -- I:\boot.ini
[2001-08-23 14:00:00 | 000,004,952 | RHS- | M] () -- I:\Bootfont.bin
[2011-03-25 17:20:03 | 000,000,206 | ---- | M] () -- I:\csb.log
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- I:\ntldr
[2011-06-20 13:27:09 | 2145,386,496 | -HS- | M] () -- I:\pagefile.sys
[2011-03-25 17:04:06 | 000,001,224 | ---- | M] () -- I:\Silverlight0.log
[2011-03-25 17:04:06 | 000,176,474 | ---- | M] () -- I:\SilverlightMSI.log


[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- I:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- I:\WINDOWS\system32\drivers\cdrom.sys
[2011-02-08 03:16:22 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- I:\WINDOWS\system32\dllcache\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- I:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- I:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- I:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 193 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF3C50F
@Alternate Data Stream - 173 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:587F3582
@Alternate Data Stream - 143 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C2F24DB5
@Alternate Data Stream - 140 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:5FD35242
@Alternate Data Stream - 139 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:9A603EB0
@Alternate Data Stream - 137 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:E7367C77
@Alternate Data Stream - 135 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C36D0DFD
@Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:E9EE2AB9
@Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E7A0CF1
@Alternate Data Stream - 126 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:6E2D80C8
@Alternate Data Stream - 120 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C48905F4

< End of report >
[/log]

Mateusz J.
komentarz
komentarz

@wojtax
Do okna OTL wklej:
[code]:OTL
PRC - [2011-05-21 19:17:57 | 000,566,784 | RHS- | M] ( ) -- I:\Documents and Settings\All Users\jushed.exe
O4 - HKCU..\Run: [jushed] I:\Documents and Settings\All Users\jushed.exe ( )

:file
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
I:\Documents and Settings\All Users\jushed.exe
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
I:\Documents and Settings\All Users\nircmd.exe
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

:Commands
[emptyflash]
[emptytemp][/code]Kliknij Wykonaj skrypt, potwierdź ponowne uruchomienie systemu.
Tworzysz nowy log i pokazujesz go na forum.

wojtax2
komentarz
komentarz (edytowane)

Zrobiłem jak kazałeś i załączam Log po Twojej komendzie.

[log]OTL logfile created on: 2011-06-20 15:05:02 - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = J:\Mozilla Download
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,79% Memory free
3,84 Gb Paging File | 3,49 Gb Available in Paging File | 90,75% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 52,60 Gb Total Space | 38,77 Gb Free Space | 73,70% Space Free | Partition Type: NTFS
Drive J: | 439,45 Gb Total Space | 268,34 Gb Free Space | 61,06% Space Free | Partition Type: NTFS
Drive K: | 439,45 Gb Total Space | 356,67 Gb Free Space | 81,16% Space Free | Partition Type: NTFS

Computer Name: VVOJTAS | User Name: Wojtas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-06-10 11:04:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Mozilla Download\OTL.exe
PRC - [2011-05-21 19:17:57 | 000,566,784 | RHS- | M] ( ) -- I:\Documents and Settings\All Users\jushed.exe
PRC - [2011-04-21 01:36:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- I:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- I:\Program Files\Nero\Update\NASvc.exe
PRC - [2010-04-12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- I:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008-05-22 17:11:08 | 001,503,232 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007-09-05 12:20:12 | 000,036,352 | ---- | M] (VisualTaskTips.com) -- I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-06-10 11:04:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Mozilla Download\OTL.exe
MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007-09-05 12:20:04 | 000,007,680 | ---- | M] () -- I:\Program Files\Utilities\VisualTaskTips\VttHooks.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-03-25 19:17:14 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- I:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-06-02 21:39:49 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-06-02 21:39:48 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-04-29 19:57:51 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- I:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-04-15 01:18:08 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011-03-26 02:20:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-03-25 18:59:32 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- I:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-25 17:21:21 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-09-07 22:08:58 | 000,100,712 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010-04-12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-11-24 16:50:16 | 004,463,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-11-18 12:24:26 | 000,095,232 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-06-15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- I:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009-05-16 21:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-05-13 18:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008-12-15 21:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- I:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008-05-20 15:11:10 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2007-06-29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007-06-28 12:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-06-14 10:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-06-19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001-12-19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- I:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011-06-02 20:55:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011-04-21 01:36:29 | 000,066,520 | ---- | M] (mozilla.org)
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-03-25 18:59:50 | 000,000,000 | ---D | M]

[2011-05-05 15:05:30 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Extensions
[2011-06-19 09:31:22 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\extensions
[2011-05-27 12:30:21 | 000,000,000 | ---D | M] (DownloadHelper) -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-21 16:12:42 | 000,000,863 | ---- | M] () -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\searchplugins\conduit.xml
[2011-03-26 02:19:54 | 000,002,059 | ---- | M] () -- I:\Documents and Settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\b8ryxoaa.default\searchplugins\daemon-search.xml
[2011-06-19 09:31:22 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2011-04-29 14:50:11 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-29 20:22:40 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-05-05 02:11:07 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011-03-25 19:00:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- I:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-04-29 14:49:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-21 01:10:05 | 000,002,767 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2011-04-21 01:10:05 | 000,001,406 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-04-21 01:10:05 | 000,000,917 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-04-21 01:10:05 | 000,000,858 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-04-21 01:10:05 | 000,001,183 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-04-21 01:10:05 | 000,001,683 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-08-23 14:00:00 | 000,000,742 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - I:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - I:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - I:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] I:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] I:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] I:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] I:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [jushed] I:\Documents and Settings\All Users\jushed.exe ( )
O4 - HKCU..\Run: [VisualTaskTips] I:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - I:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Dodaj do blokowanych banerów - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - I:\WINDOWS\system32\klogon.dll - I:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-11 14:24:48 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c4078676-573e-11e0-85a5-001a4df67d37}\Shell - "" = AutoRun
O33 - MountPoints2\{c4078676-573e-11e0-85a5-001a4df67d37}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011-06-11 14:24:48 | 000,530,669 | R--- | M] (2K Games )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-06-20 14:14:12 | 000,000,000 | ---D | C] -- I:\Program Files\trend micro
[2011-06-20 14:14:11 | 000,000,000 | ---D | C] -- I:\rsit
[2011-06-20 13:58:37 | 000,000,000 | ---D | C] -- I:\Program Files\WebKeySoft
[2011-06-20 13:58:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\WebKeySoft
[2011-06-20 12:07:08 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Wojtas\Recent
[2011-06-20 00:47:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Duke Nukem Forever
[2011-06-20 00:43:49 | 000,034,304 | ---- | C] (AMD, Inc.) -- I:\WINDOWS\System32\drivers\AmdLLD.sys
[2011-06-20 00:43:47 | 000,000,000 | ---D | C] -- I:\Program Files\AMD
[2011-06-20 00:43:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
[2011-06-20 00:33:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\2K Games
[2011-06-18 11:45:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Pulpit\Ryby
[2011-06-18 10:23:59 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\Virtual DJ
[2011-06-18 10:23:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\VirtualDJ
[2011-06-18 10:23:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Menu Start\Programy\Native Instruments Traktor DJ Mixer
[2011-06-18 10:09:50 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Adobe
[2011-06-18 10:09:50 | 000,000,000 | ---D | C] -- I:\Program Files\Adobe
[2011-06-05 22:45:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\DailyMagic
[2011-06-04 20:55:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Games for Windows Marketplace
[2011-05-29 18:57:56 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy
[2011-05-28 10:00:19 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\All Users\Dane aplikacji\DSS
[2011-05-28 10:00:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2011-05-28 10:00:13 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dokumenty\microsoft
[2011-05-28 09:57:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Blue Ripple Sound
[2011-05-28 09:57:45 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- I:\WINDOWS\System32\mkl_blueripple.dll
[2011-05-28 09:57:45 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- I:\WINDOWS\System32\rapture3d_oal.dll
[2011-05-28 09:57:44 | 000,000,000 | ---D | C] -- I:\Program Files\BRS
[2011-05-28 09:39:49 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Codemasters
[2011-05-27 22:39:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Elephant Games
[2011-05-27 22:39:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Dane aplikacji\Elephant Games
[2011-05-27 13:17:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\My Cheat Tables
[2011-05-26 20:19:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\Iceberg Interactive
[2011-05-26 20:15:12 | 000,000,000 | ---D | C] -- I:\Program Files\Iceberg Interactive
[2011-05-25 21:23:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Dane aplikacji\Vast Studios
[2011-05-25 21:22:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar
[2011-05-21 21:08:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Menu Start\Programy\The Witcher 2
[2011-05-21 20:22:46 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Wojtas\Moje dokumenty\The Witcher 2
[2011-05-21 19:17:57 | 007,987,953 | ---- | C] (CCCP Project ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
[2011-05-21 19:17:57 | 000,566,784 | RHS- | C] ( ) -- I:\Documents and Settings\All Users\jushed.exe
[2011-05-21 19:17:57 | 000,566,784 | ---- | C] ( ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
[2011-05-21 19:17:57 | 000,347,136 | RHS- | C] (NirSoft) -- I:\Documents and Settings\All Users\nircmd.exe
[2011-05-21 19:17:57 | 000,347,136 | ---- | C] (NirSoft) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe
[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- I:\WINDOWS\System32\drvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-06-20 15:02:36 | 000,000,002 | ---- | M] () -- I:\Documents and Settings\All Users\timerxfile
[2011-06-20 15:02:36 | 000,000,002 | ---- | M] () -- I:\Documents and Settings\All Users\datesavefile
[2011-06-20 15:02:36 | 000,000,001 | ---- | M] () -- I:\Documents and Settings\All Users\varsavefile
[2011-06-20 15:02:25 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011-06-20 14:01:43 | 000,002,595 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\WebKeySoft Process Manager 2 Lite.lnk
[2011-06-20 13:31:32 | 000,615,452 | ---- | M] () -- I:\WINDOWS\System32\perfh015.dat
[2011-06-20 13:31:32 | 000,518,180 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011-06-20 13:31:32 | 000,145,192 | ---- | M] () -- I:\WINDOWS\System32\perfc015.dat
[2011-06-20 13:31:32 | 000,115,542 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011-06-20 00:33:51 | 000,000,703 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Duke Nukem Forever.lnk
[2011-06-19 13:13:31 | 000,000,462 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\PLP 11 Center.lnk
[2011-06-19 12:44:23 | 000,002,465 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Nero BurnLite 10.lnk
[2011-06-18 14:26:53 | 000,095,072 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-18 10:23:59 | 000,000,499 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Virtual DJ.lnk
[2011-06-05 23:16:14 | 000,000,966 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\DarkDimensions_CityOfFog.exe.lnk
[2011-06-04 20:53:25 | 000,001,503 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Operation Flashpoint ® Red River.lnk
[2011-06-02 21:39:49 | 000,278,984 | ---- | M] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2011-06-02 21:39:48 | 000,025,416 | ---- | M] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2011-06-02 14:28:53 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011-06-02 11:38:54 | 000,000,627 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Royal_Envoy.exe.lnk
[2011-05-30 18:14:31 | 000,000,431 | ---- | M] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy.lnk
[2011-05-28 09:57:30 | 000,444,952 | ---- | M] (Creative Labs) -- I:\WINDOWS\System32\wrap_oal.dll
[2011-05-28 09:57:30 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- I:\WINDOWS\System32\OpenAL32.dll
[2011-05-28 09:56:56 | 000,001,374 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\DiRT 3.lnk
[2011-05-27 22:40:12 | 000,000,879 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\MysteryTrackers_Raincliff_CE.exe.lnk
[2011-05-26 20:19:28 | 000,000,975 | ---- | M] () -- I:\Documents and Settings\All Users\Pulpit\Darkness Within 2.lnk
[2011-05-25 21:23:03 | 000,001,861 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar.lnk
[2011-05-23 16:22:10 | 000,115,369 | ---- | M] () -- I:\WINDOWS\System32\drivers\klin.dat
[2011-05-22 15:16:42 | 000,000,492 | ---- | M] () -- I:\Documents and Settings\Wojtas\Pulpit\Launcher.lnk
[2011-05-21 20:36:20 | 007,987,953 | ---- | M] (CCCP Project ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
[2011-05-21 20:36:20 | 000,566,784 | ---- | M] ( ) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
[2011-05-21 20:36:20 | 000,347,136 | RHS- | M] (NirSoft) -- I:\Documents and Settings\All Users\nircmd.exe
[2011-05-21 20:36:20 | 000,347,136 | ---- | M] (NirSoft) -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe
[2011-05-21 20:36:20 | 000,004,768 | ---- | M] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\operaprefs.ini
[2011-05-21 20:36:20 | 000,004,768 | ---- | M] () -- I:\Documents and Settings\All Users\operaprefs.ini
[2011-05-21 19:17:57 | 000,566,784 | RHS- | M] ( ) -- I:\Documents and Settings\All Users\jushed.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-20 13:58:37 | 000,002,595 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\WebKeySoft Process Manager 2 Lite.lnk
[2011-06-20 00:33:51 | 000,000,703 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Duke Nukem Forever.lnk
[2011-06-19 13:13:31 | 000,000,462 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\PLP 11 Center.lnk
[2011-06-18 10:23:59 | 000,000,499 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Virtual DJ.lnk
[2011-06-18 10:09:56 | 000,001,804 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2011-06-05 23:16:14 | 000,000,966 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\DarkDimensions_CityOfFog.exe.lnk
[2011-06-04 20:54:53 | 000,001,094 | ---- | C] () -- I:\Documents and Settings\All Users\Menu Start\Programy\Windows Live ID.lnk
[2011-06-04 20:53:25 | 000,001,503 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Operation Flashpoint ® Red River.lnk
[2011-06-02 21:39:49 | 000,278,984 | ---- | C] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2011-06-02 21:39:48 | 000,025,416 | ---- | C] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2011-06-02 11:37:15 | 000,000,627 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Royal_Envoy.exe.lnk
[2011-05-30 18:14:31 | 000,000,431 | ---- | C] () -- I:\Documents and Settings\Wojtas\Moje dokumenty\Royal Envoy.lnk
[2011-05-28 09:56:56 | 000,001,374 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\DiRT 3.lnk
[2011-05-27 22:40:11 | 000,000,879 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\MysteryTrackers_Raincliff_CE.exe.lnk
[2011-05-26 20:19:28 | 000,000,975 | ---- | C] () -- I:\Documents and Settings\All Users\Pulpit\Darkness Within 2.lnk
[2011-05-25 21:23:03 | 000,001,861 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Lost Chronicles Fall of Caesar.lnk
[2011-05-22 15:16:42 | 000,000,492 | ---- | C] () -- I:\Documents and Settings\Wojtas\Pulpit\Launcher.lnk
[2011-05-21 19:18:09 | 000,000,002 | ---- | C] () -- I:\Documents and Settings\All Users\timerxfile
[2011-05-21 19:18:09 | 000,000,002 | ---- | C] () -- I:\Documents and Settings\All Users\datesavefile
[2011-05-21 19:18:09 | 000,000,001 | ---- | C] () -- I:\Documents and Settings\All Users\varsavefile
[2011-05-21 19:17:57 | 000,004,768 | ---- | C] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\operaprefs.ini
[2011-05-21 19:17:57 | 000,004,768 | ---- | C] () -- I:\Documents and Settings\All Users\operaprefs.ini
[2011-05-13 20:38:07 | 000,000,632 | ---- | C] () -- I:\WINDOWS\Thps3.INI
[2011-05-07 18:07:23 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI
[2011-05-04 20:23:58 | 000,000,167 | ---- | C] () -- I:\WINDOWS\wininit.ini
[2011-04-20 16:17:05 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ativpsrm.bin
[2011-04-20 16:16:44 | 000,887,724 | R--- | C] () -- I:\WINDOWS\System32\ativva6x.dat
[2011-04-20 16:16:44 | 000,196,565 | R--- | C] () -- I:\WINDOWS\System32\atiicdxx.dat
[2011-04-20 16:16:44 | 000,000,003 | R--- | C] () -- I:\WINDOWS\System32\ativva5x.dat
[2011-04-20 11:07:10 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb0.bin
[2011-04-20 11:07:08 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb1.bin
[2011-04-20 11:07:08 | 000,000,001 | ---- | C] () -- I:\WINDOWS\System32\nvdrssel.bin
[2011-04-17 22:15:07 | 000,178,176 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[2011-04-17 21:57:54 | 000,041,872 | ---- | C] () -- I:\WINDOWS\System32\xfcodec.dll
[2011-04-17 21:45:02 | 000,001,984 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2011-04-15 13:35:56 | 000,003,584 | ---- | C] () -- I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- I:\WINDOWS\System32\xlive.dll.cat
[2011-03-26 12:13:28 | 000,002,352 | ---- | C] () -- I:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-03-25 19:08:20 | 000,604,140 | -HS- | C] () -- I:\WINDOWS\System32\drivers\ISwift3.dat
[2011-03-25 19:00:03 | 000,115,369 | ---- | C] () -- I:\WINDOWS\System32\drivers\klin.dat
[2011-03-25 19:00:03 | 000,097,859 | ---- | C] () -- I:\WINDOWS\System32\drivers\klick.dat
[2011-03-25 17:55:50 | 000,001,732 | ---- | C] () -- I:\WINDOWS\System32\drivers\nvphy.bin
[2011-03-25 17:53:59 | 000,004,293 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2011-03-25 17:46:01 | 000,095,072 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-25 17:27:38 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2011-03-25 17:19:59 | 000,049,152 | R--- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2011-03-25 17:04:51 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2011-03-25 17:04:07 | 000,110,602 | ---- | C] () -- I:\WINDOWS\System32\xcdsfx32.bin
[2011-03-25 17:01:25 | 000,021,856 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2011-03-25 17:00:15 | 000,394,752 | ---- | C] () -- I:\WINDOWS\System32\cygwinb19.dll
[2010-10-08 03:11:00 | 002,293,194 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin
[2009-07-03 16:45:12 | 000,027,507 | ---- | C] () -- I:\WINDOWS\System32\drivers\klopp.dat
[2009-02-18 07:55:20 | 000,294,912 | ---- | C] () -- I:\WINDOWS\System32\ATIODE.exe
[2009-02-03 10:52:02 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\ATIODCLI.exe
[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- I:\WINDOWS\System32\libavcodec.dll
[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- I:\WINDOWS\System32\ff_x264.dll
[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- I:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- I:\WINDOWS\System32\ff_theora.dll
[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- I:\WINDOWS\System32\libmplayer.dll
[2008-04-14 23:16:20 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2008-03-06 03:37:26 | 000,000,183 | ---- | C] () -- I:\WINDOWS\System32\oeminfo.ini
[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2006-11-02 17:10:16 | 000,080,912 | ---- | C] () -- I:\WINDOWS\System32\sherlock2.exe
[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- I:\WINDOWS\System32\ff_mpeg2enc.dll
[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2001-08-23 14:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2001-08-23 14:00:00 | 000,615,452 | ---- | C] () -- I:\WINDOWS\System32\perfh015.dat
[2001-08-23 14:00:00 | 000,518,180 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2001-08-23 14:00:00 | 000,313,828 | ---- | C] () -- I:\WINDOWS\System32\perfi015.dat
[2001-08-23 14:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2001-08-23 14:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2001-08-23 14:00:00 | 000,145,192 | ---- | C] () -- I:\WINDOWS\System32\perfc015.dat
[2001-08-23 14:00:00 | 000,115,542 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2001-08-23 14:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2001-08-23 14:00:00 | 000,034,990 | ---- | C] () -- I:\WINDOWS\System32\perfd015.dat
[2001-08-23 14:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 193 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF3C50F
@Alternate Data Stream - 173 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:587F3582
@Alternate Data Stream - 143 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C2F24DB5
@Alternate Data Stream - 140 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:5FD35242
@Alternate Data Stream - 139 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:9A603EB0
@Alternate Data Stream - 137 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:E7367C77
@Alternate Data Stream - 135 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C36D0DFD
@Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:E9EE2AB9
@Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:9E7A0CF1
@Alternate Data Stream - 126 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:6E2D80C8
@Alternate Data Stream - 120 bytes -> I:\Documents and Settings\All Users\Dane aplikacji\TEMP:C48905F4

< End of report >
[/log]

Mateusz J.
komentarz
komentarz

Wykonaj poprzedni post ponownie. Skrypt się nie wykonał, na pewno po wklejeniu komenda dałeś Wykonaj skrypt?

wojtax2
komentarz
komentarz

Może tak zrobiłem ale teraz zrobiłem to ponownie tylko na pewno dałem "wykonaj skrypt".

Mateusz J.
komentarz
komentarz

Następny skrypt:
[code]
:files
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\operaprefs.ini
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\Codecs.exe
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\jushed.exe
I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\nircmd.exe
I:\Documents and Settings\All Users\timerxfile
I:\Documents and Settings\All Users\datesavefile
I:\Documents and Settings\All Users\varsavefile

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"

:Commands
[emptyflash]
[emptytemp]
[reboot][/code]

wojtax2
komentarz
komentarz (edytowane)

Zrobiłem i ten skrypt.

Mateusz J.
komentarz
komentarz

Usuń ręcznie plik: [code]I:\Documents and Settings\Wojtas\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[/code]

Następnie użyj opcji czyszczenia w OTL.

Logi czyste.

wojtax2
komentarz
komentarz

To już wszystko ;> ?

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.