Gawron64, posted 22 June 2011 (edited)

Hello,

I have a problem on Vista! I was browsing the sites I usually visit every day, and when I tried to open www.derekroddy.com I saw a Java application start up, Mozilla closed, and a "Vista Security 2012" message popped up and a system scan began. It started showing me that there were viruses in system files, in recently created files, and in files that in my opinion are as safe as can be. It counted about 31 of them, and then a message appeared telling me to buy a licence to remove the worms and clean the computer. I started trying to close the program, but without success, because the scan kept coming back every moment. I managed to open Task Manager and found a new process, duq.exe. While I could still get into Firefox I deleted the browsing history etc., and since then the process has not appeared. Now I have no access to any program on the computer; an "Open with" dialog pops up instead. I wanted to paste an OTL log, but when I tried to run it an alert popped up: "Application not found". I don't know what to do. I typed the process name into Google and saw that it is some new backdoor virus. I don't know much about this and I'm asking for help, because formatting is out of the question. Not only do I not have the disc, I would also lose my files :/ I managed to run OTL as administrator and make the logs, which I have posted below.
[log] OTL logfile created on: 2011-06-22 10:12:53 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,11% Memory free 4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 35,70 Gb Free Space | 51,16% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color="#E56717"]========== Processes (All) ==========[/color] PRC - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011-04-14 18:59:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-01-14 23:11:00 | 
000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-08-07 04:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 09:33:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\csrss.exe PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Windows\System32\drivers\XAudio.exe [color="#E56717"]========== Modules (All) ==========[/color] MOD - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 08:28:25 | 
000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 
08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- 
(WMIService) SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) [color="#E56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007-08-29 12:10:32 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel® DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://pl.intl.acer.yahoo.com"]http://pl.intl.acer.yahoo.com[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://pl.intl.acer.yahoo.com"]http://pl.intl.acer.yahoo.com[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = [url="http://www.google.com"]http://www.google.com[/url] IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [url="http://search.yahoo.com/search?p=%7BsearchTerms%7D&ei=utf-8&fr=b1ie7"]http://search.yahoo....=utf-8&fr=b1ie7[/url] IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M] [2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions [2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions [2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml [2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml File not found (No name found) -- () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | 
---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KMCONFIG] File not found O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [3704065805] File not found O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\AutoRun\command - "" = byilfowc.exe O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\explore\Command - "" = byilfowc.exe 
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\open\Command - "" = byilfowc.exe O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell - "" = AutoRun O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..exefile [open] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\...exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) 
MsConfig - StartUpFolder: C:^Users^Agnieszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]iPlusManager[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]LManager[/b] - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: [b]PLFSet[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\windows sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]StartCCC[/b] - hkey= - key= - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: [b]updateMgr[/b] - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]WMPNSCFG[/b] - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color="#E56717"]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-22 09:32:41 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-05 14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software [2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe [2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog [2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL [2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- 
C:\Windows\System32\Interop.Shell32.dll [color="#E56717"]========== Files - Modified Within 60 Days ==========[/color] [2011-06-22 09:50:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-22 09:50:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-22 09:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-22 09:42:03 | 000,080,384 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-06-22 08:58:27 | 000,009,732 | -HS- | M] () -- C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 [2011-06-22 08:58:27 | 000,009,732 | -HS- | M] () -- C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 [2011-06-22 05:25:56 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempfq1412.html [2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-21 18:56:33 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job [2011-06-21 09:28:10 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempkY6120.html [2011-06-21 09:28:10 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempFf6120.html [2011-06-20 14:00:16 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempqb4596.html [2011-06-20 14:00:16 | 000,002,089 | ---- | M] () -- 
C:\Users\Agnieszka\AppData\Local\TempSw4596.html [2011-06-18 22:27:55 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempKI3816.html [2011-06-18 22:27:55 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TemplL3816.html [2011-06-14 21:24:59 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempVa3188.html [2011-06-10 18:01:35 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-10 18:01:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-10 18:01:35 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-10 18:01:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-09 20:52:48 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempyq2436.html [2011-06-09 20:52:48 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TemphK2436.html [2011-06-09 20:52:48 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempzN2436.html [2011-06-09 20:52:48 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempRg2436.html [2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe [2011-06-04 21:55:51 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempcU6012.html [2011-06-04 21:55:51 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempTT6012.html [2011-06-03 22:55:02 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempxH1712.html [2011-06-03 22:55:02 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1712.html [2011-06-02 21:51:40 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempZw4220.html [2011-06-02 21:51:40 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempQi4220.html [2011-06-02 
21:39:25 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempIZ4220.html [2011-06-02 21:39:25 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempEz4220.html [2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-05-29 09:56:41 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-05-01 21:05:29 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempJy4172.html [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-06-22 08:45:59 | 000,009,732 | -HS- | C] () -- C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 [2011-06-22 08:45:59 | 000,009,732 | -HS- | C] () -- C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 [2011-06-22 05:25:55 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfq1412.html [2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-21 09:25:17 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempkY6120.html [2011-06-21 09:25:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFf6120.html [2011-06-20 13:56:17 | 000,002,432 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\Tempqb4596.html [2011-06-20 13:56:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempSw4596.html [2011-06-18 22:23:58 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKI3816.html [2011-06-18 22:23:58 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplL3816.html [2011-06-14 20:26:16 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVa3188.html [2011-06-09 20:51:41 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphK2436.html [2011-06-09 20:51:41 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzN2436.html [2011-06-09 20:35:09 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempyq2436.html [2011-06-09 20:35:09 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRg2436.html [2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll [2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl [2011-06-04 21:01:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempcU6012.html [2011-06-04 21:01:25 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTT6012.html [2011-06-03 22:02:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempxH1712.html [2011-06-03 22:02:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1712.html [2011-06-02 21:51:40 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZw4220.html [2011-06-02 21:51:40 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQi4220.html [2011-06-02 21:39:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIZ4220.html [2011-06-02 21:39:25 | 000,002,089 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempEz4220.html [2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-05-01 20:59:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJy4172.html [2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-03-21 22:52:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGW5112.html [2011-03-11 09:42:13 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI [2011-03-01 17:09:59 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempvp5500.html [2011-03-01 17:09:59 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempbr5500.html [2010-12-17 17:13:17 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempwX4772.html [2010-12-17 17:13:17 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWM4772.html [2010-12-17 10:57:35 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmU4664.html [2010-12-17 10:57:35 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIY4664.html [2010-12-16 19:23:24 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRB4764.html [2010-12-16 19:23:24 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temppo4764.html [2010-12-15 13:23:03 | 000,002,432 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempSF2732.html [2010-12-15 13:23:03 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQZ2732.html [2010-12-14 14:19:48 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempjO1780.html [2010-12-14 14:19:48 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvQ1780.html [2010-12-13 23:09:45 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temppn5080.html [2010-12-13 23:09:45 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWn5080.html [2010-12-13 11:28:32 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIp3596.html [2010-12-13 11:28:32 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoN3596.html [2010-12-12 14:10:54 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYe4764.html [2010-12-12 14:10:54 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFn4764.html [2010-12-11 15:10:01 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFX1468.html [2010-12-11 15:10:01 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempuL1468.html [2010-12-09 00:15:07 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjm4816.html [2010-12-09 00:15:07 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCf4816.html [2010-12-08 01:56:00 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempgy3468.html [2010-12-08 01:56:00 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjt3468.html [2010-12-03 16:46:35 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCc5416.html [2010-12-03 16:46:35 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRS5416.html [2010-12-03 02:17:21 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTS5700.html [2010-12-03 02:17:21 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempEV5700.html [2010-11-14 
18:46:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempgB3936.html [2010-11-09 22:53:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempIK5988.html [2010-06-22 00:17:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmR5792.html [2010-06-22 00:17:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Temptj5792.html [2010-06-21 21:32:39 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLx4852.html [2010-06-14 20:45:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjf4936.html [2010-06-14 20:45:22 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsO4936.html [2010-06-07 16:33:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempxL5784.html [2010-05-29 19:36:31 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempqr4836.html [2010-05-28 18:40:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNU5316.html [2010-05-27 23:03:15 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempjG3520.html [2010-05-27 22:48:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFg4504.html [2010-05-27 22:14:08 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWi3564.html [2010-05-26 19:17:13 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNV3188.html [2010-05-26 19:17:13 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempeT3188.html [2010-05-19 13:29:44 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwu4080.html [2010-05-14 00:22:57 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Templf3088.html [2010-05-13 22:05:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempBA4556.html [2010-05-10 20:12:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvE5472.html [2010-04-29 08:52:10 | 000,002,432 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempwE2424.html [2010-04-29 08:52:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaT2424.html [2010-04-27 23:01:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempsl4104.html [2010-04-27 22:58:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTA4604.html [2010-04-22 22:22:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempmV4852.html [2010-04-22 22:17:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvG4868.html [2010-04-22 22:17:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaB4868.html [2010-04-21 23:20:43 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempv23236.html [2010-04-21 23:20:43 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempx23236.html [2010-04-21 23:15:33 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempXL8676.html [2010-04-20 21:11:48 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempc22388.html [2010-04-20 21:11:48 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempT22388.html [2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-04-19 18:26:06 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfo5560.html [2010-04-19 18:22:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLO3412.html [2010-04-18 13:01:28 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCZ3584.html [2010-04-17 09:53:58 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGi5812.html [2010-04-15 21:09:30 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJG6104.html [2010-04-15 21:09:30 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplH6104.html [2010-04-14 22:59:08 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempfx6024.html [2010-04-14 22:59:08 | 000,002,089 
| ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwy6024.html [2010-04-14 19:54:39 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempza1056.html [2010-04-14 19:54:39 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGJ1056.html [2010-04-13 14:25:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFA5112.html [2010-04-13 14:25:47 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoU5112.html [2010-04-11 16:34:26 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRR1604.html [2010-04-11 16:34:26 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzV1604.html [2010-04-09 14:00:21 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyW5300.html [2010-04-09 14:00:21 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempuz5300.html [2010-04-07 22:43:43 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWM6080.html [2010-04-07 22:43:43 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempzn6080.html [2010-04-06 19:37:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempke4556.html [2010-04-06 19:37:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTi4556.html [2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-04-04 16:12:46 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZcy388.html [2010-04-04 16:12:46 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRTP388.html [2010-03-31 20:59:10 | 000,002,432 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempIG3192.html [2010-03-31 20:59:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzP3192.html [2010-03-31 15:20:15 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempmk2464.html [2010-03-31 15:20:15 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempZs2464.html [2010-03-30 21:46:26 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAA3516.html [2010-03-30 21:46:26 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyN3516.html [2010-03-30 20:34:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNo3308.html [2010-03-30 20:34:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempwc3308.html [2010-03-29 08:13:20 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempPm4108.html [2010-03-29 08:13:20 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempot4108.html [2010-03-28 18:45:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempkf4888.html [2010-03-28 18:45:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKA4888.html [2010-03-28 14:39:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempDc4484.html [2010-03-28 14:39:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVE4484.html [2010-03-27 16:37:09 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsK4404.html [2010-03-27 16:37:09 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempox4404.html [2010-03-26 16:46:24 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJq4036.html [2010-03-26 16:46:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempzn4036.html [2010-03-26 09:36:18 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJE2016.html [2010-03-26 09:36:18 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemplM2016.html [2010-03-26 
02:54:00 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFQ2204.html [2010-03-26 02:54:00 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempHs2204.html [2010-03-26 01:25:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempOKD216.html [2010-03-26 01:25:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempmxe216.html [2010-03-25 21:40:03 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJw3232.html [2010-03-25 21:40:03 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempGm3232.html [2010-03-24 20:37:22 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJH1144.html [2010-03-24 20:37:22 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTJ1144.html [2010-03-23 21:20:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempTx4432.html [2010-03-23 21:20:11 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJC4432.html [2010-03-23 14:29:25 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNw4204.html [2010-03-23 14:29:25 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphE4204.html [2010-03-23 14:24:02 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzQ4244.html [2010-03-23 14:24:02 | 000,000,000 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempWA4244.html [2010-03-21 17:29:10 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempaD1384.html [2010-03-21 17:29:10 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempjt1384.html [2010-03-21 13:55:06 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempFR1000.html [2010-03-21 13:55:06 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRT1000.html [2010-03-21 03:22:12 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVb4236.html [2010-03-21 03:22:12 | 000,002,089 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempQi4236.html [2010-03-21 00:34:13 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAV4184.html [2010-03-21 00:34:13 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNu4184.html [2010-03-20 21:34:38 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempng2488.html [2010-03-20 21:34:38 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempRa2488.html [2010-03-20 21:01:23 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempVW2800.html [2010-03-20 21:01:23 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLv2800.html [2010-03-20 16:34:18 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYG1468.html [2010-03-20 16:34:18 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempLT1468.html [2010-03-18 16:41:56 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempfW2752.html [2010-03-18 16:41:56 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempfH2752.html [2010-03-17 19:36:49 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempsV4316.html [2010-03-17 19:36:49 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempzP4316.html [2010-03-14 19:50:11 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempQG2220.html [2010-03-14 19:50:11 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempON2220.html [2010-03-14 16:03:47 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempeb1104.html [2010-03-14 16:03:47 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempYS1104.html [2010-03-13 21:48:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempCX4064.html [2010-03-13 21:48:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempMZ4064.html [2010-03-12 21:03:41 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempHS3648.html [2010-03-12 
21:03:41 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempOm3648.html [2010-03-11 21:10:36 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempvV3868.html [2010-03-11 21:10:36 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempBR3868.html [2010-03-11 18:20:01 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TemphB2272.html [2010-03-11 18:20:01 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempyR2272.html [2010-03-11 13:57:19 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempAI4224.html [2010-03-11 13:57:19 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempNK4224.html [2010-03-10 20:20:14 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempJS4604.html [2010-03-10 20:20:14 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempoQ4604.html [2010-03-10 20:07:19 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempKZ4748.html [2010-03-10 20:07:19 | 000,002,089 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\TempDd4748.html [2009-12-26 20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-12-26 20:56:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-03-06 10:04:06 | 000,080,384 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2008-01-27 21:58:22 | 000,031,007 | ---- | C] 
() -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png [2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat [2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini [2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat [2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat [2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007-03-01 
01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color="#E56717"]========== LOP Check ==========[/color] [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- 
C:\Users\Agnieszka\AppData\Roaming\app [2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite [2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2 [2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-06-22 08:51:11 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000 [2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu [2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10 [2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express [2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking [2007-12-31 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache [2011-04-07 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template [2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom [2011-06-22 09:48:01 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011-06-21 18:56:33 | 000,000,470 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job [color="#E56717"]========== Purity 
Check ==========[/color] [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %systemdrive%\*.* >[/color] [2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-22 09:48:51 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys [2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log [color="#A23BEC"]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys 
[color="#A23BEC"]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color="#A23BEC"]< MD5 for: BEEP.SYS >[/color] [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-19 07:49:10 | 
000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color="#A23BEC"]< MD5 for: CDROM.SYS >[/color] [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color="#A23BEC"]< MD5 for: NDIS.SYS >[/color] [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- 
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color="#A23BEC"]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2011-06-22 10:12:53 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,11% Memory free 4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,23% Paging File free Paging file location(s): 
?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 35,70 Gb Free Space | 51,16% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color="#E56717"]========== Extra Registry (SafeList) ==========[/color] [color="#E56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %* .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color="#E56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#E56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color="#E56717"]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color="#E56717"]========== Authorized Applications List ==========[/color] [color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system | "{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system | "{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system | "{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system | "{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system | "{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system | "{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system | "{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system | "{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system | "{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system | "{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color="#E56717"]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system | "{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian "{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst 
Control Center Localization Finnish "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding "{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix "{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian "{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese "{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver 
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai "{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = 
Destinations "{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = 
LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish "{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Uninstaller" = ATI Uninstaller "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid "foobar2000" = foobar2000 v0.9.6.9 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "GridVista" = Acer GridVista "Guitar Pro 5_is1" = Guitar Pro 5.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver 
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full) "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl) "RealAlt_is1" = Real Alternative 2.0.1 "Theme Park World" = Theme Park World "Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3® "WinRAR archiver" = Archiwizator WinRAR [color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#E56717"]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color="#E56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC 
| Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002 Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 748 Godzina rozpoczęcia: 01cc2bfe3880bffe Godzina zakończenia: 0 Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa 0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e. 
[ System Events ] Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505 Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera. Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane. < End of report > [/log] [color="#FF0000"]//do not post in other threads //splitting this off //dan[/color] * sorry for the trouble... thank you, and I'm counting on your help!
Mateusz J. commented 22 June 2011

Paste into the OTL window:

[code]:OTL
DRV - [2007-08-29 12:10:32 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [3704065805] File not found
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\AutoRun\command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\explore\Command - "" = byilfowc.exe
O33 - MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\Shell\open\Command - "" = byilfowc.exe
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell - "" = AutoRun
O33 - MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\Shell\AutoRun\command - "" = G:\autorun.exe
O35 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..exefile [open] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*
O37 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\...exe [@ = exefile] -- "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %*

:files
C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5
C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job
C:\Users\Agnieszka\AppData\Local\Temp*.html
C:\ProgramData\ntuser.pol

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]

:Commands
[emptyflash]
[emptytemp]
[reboot][/code]

Click [color="#0000FF"][b]Wykonaj skrypt[/b][/color] (Run Fix). The computer will restart. Then generate a new OTL log.
Gawron64 (Author) commented 22 June 2011

The log that popped up after the restart: [log]All processes killed ========== OTL ========== Service hwdatacard stopped successfully! Service hwdatacard deleted successfully! C:\Windows\System32\drivers\ewusbmdm.sys moved successfully. HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! Prefs.js: "Softonic-Eng7 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found. Registry value HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3704065805 deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found. File byilfowc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found. File byilfowc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ac10c2-3d50-11df-9bf6-dcee9412d7fa}\ not found. File byilfowc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b66cc3f0-4b32-11e0-92bd-f7e527cafe9a}\ not found. File G:\autorun.exe not found. Registry value HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\exefile\shell\open\command\\'' updated successfully. File "C:\Users\Agnieszka\AppData\Local\duq.exe" -a "%1" %* not found. Registry key HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\.exe\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000_Classes\exefile\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! ========== FILES ========== C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. C:\Users\Agnieszka\AppData\Local\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 moved successfully. C:\ProgramData\548bbnl83858fvd88r78782upx2d0deu8a2up3q5 moved successfully. C:\Windows\tasks\User_Feed_Synchronization-{305884FB-FE73-41A1-85F8-AE96D778ABE1}.job moved successfully. C:\Users\Agnieszka\AppData\Local\TempAA3516.html moved successfully. C:\Users\Agnieszka\AppData\Local\TempaB4868.html moved successfully. C:\Users\Agnieszka\AppData\Local\TempaD1384.html moved successfully. C:\Users\Agnieszka\AppData\Local\TempAI4224.html moved successfully. C:\Users\Agnieszka\AppData\Local\TempaT2424.html moved successfully. C:\Users\Agnieszka\AppData\Local\TempAV4184.html moved successfully. 
C:\ProgramData\ntuser.pol moved successfully.
========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\ deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Agnieszka ->Flash cache emptied: 57355 bytes User: All Users User: Default ->Flash cache emptied: 56466 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Agnieszka ->Temp folder emptied: 18705543 bytes ->Temporary Internet Files folder emptied: 276954121 bytes ->Java cache emptied: 27723207 bytes ->FireFox cache emptied: 62975198 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 45119312 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 412,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06222011_151611 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 
[/log] OTL [log]OTL logfile created on: 2011-06-22 15:34:05 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,67% Memory free 4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 34,61 Gb Free Space | 49,60% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,76 Gb Free Space | 41,38% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-22 15:20:49 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Users\AGNIES~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011-04-14 18:59:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-08-02 17:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-03-12 00:14:00 | 011,792,992 | ---- | M] (GG Network S.A.) 
-- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-01-14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe 
PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007-05-09 10:36:38 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007-04-26 17:00:02 | 000,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007-04-25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007-04-23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007-04-12 17:42:26 | 000,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007-04-04 12:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe PRC - [2007-03-28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMCONFIG.exe PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007-02-09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006-11-10 18:06:32 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe PRC - [2006-11-07 14:57:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2006-09-08 09:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe MOD - [2011-06-22 09:24:10 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-06-22 09:24:10 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-06-22 09:24:09 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2011-06-16 22:14:08 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll MOD - [2011-06-16 22:14:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll MOD - [2011-06-16 22:14:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-10-08 23:08:01 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 
08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - 
[2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 09:34:02 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll MOD - [2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll MOD - [2007-04-12 17:40:04 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll MOD - [2007-04-12 17:39:48 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2007-04-12 17:39:44 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll MOD - [2007-03-17 05:19:08 | 000,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll MOD - [2007-02-12 16:02:08 | 000,094,208 | ---- | M] (HiTRUST Inc.) 
-- C:\Windows\System32\MSNChatHook.dll MOD - [2007-02-07 10:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2006-11-29 21:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M] [2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions [2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions [2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml [2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml File not found (No name found) -- () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: 
(AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KMCONFIG] File not found O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) 
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-22 15:16:11 | 000,000,000 | ---D | C] -- C:\_OTL [2011-06-22 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Local\Apps [2011-06-22 09:32:41 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-05 
14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software [2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe [2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog [2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL [2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-22 15:33:05 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempml4908.html [2011-06-22 15:33:05 | 000,002,089 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\Tempou4908.html [2011-06-22 15:20:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-22 15:20:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-22 15:20:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-22 14:16:14 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-22 12:22:54 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-22 12:22:53 | 000,595,996 | ---- | 
M] () -- C:\Windows\System32\perfh009.dat [2011-06-22 12:22:53 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-22 12:22:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-22 09:32:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe [2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-05-29 09:56:41 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-22 15:33:05 | 000,002,432 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\Tempml4908.html [2011-06-22 15:33:05 | 000,002,089 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\Tempou4908.html [2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll [2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl [2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI [2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-12-26 20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-12-26 20:56:19 
| 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2008-01-27 21:58:22 | 000,031,007 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png [2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat [2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini [2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat [2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat [2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- 
C:\Windows\System32\ScrollBarLib.dll [2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT 
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color=#E56717]========== LOP Check ==========[/color] [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\app [2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite [2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2 [2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-06-22 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000 [2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu [2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10 [2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express [2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking [2007-12-31 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache [2011-04-07 15:23:42 | 000,000,000 | 
---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template [2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom [2011-06-22 15:18:24 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-22 15:19:24 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys [2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) 
< End of report > [/log] EXTRAS [log]OTL Extras logfile created on: 2011-06-22 15:34:05 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = 
C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,67% Memory free 4,23 Gb Paging File | 2,91 Gb Available in Paging File | 68,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 34,61 Gb Free Space | 49,60% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,76 Gb Free Space | 41,38% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system | "{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system | "{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system | "{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system | "{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system | "{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system | "{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 
| protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system | "{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system | "{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system | "{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system | "{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | 
app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system | "{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE 
Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian "{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst Control Center Localization Finnish "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding "{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix "{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = 
AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian "{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese "{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai "{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center 
Localization Hungarian "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish "{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Uninstaller" = ATI Uninstaller "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid "foobar2000" = foobar2000 v0.9.6.9 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "GridVista" = Acer GridVista "Guitar Pro 
5_is1" = Guitar Pro 5.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full) "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl) "RealAlt_is1" = Real Alternative 2.0.1 "Theme Park World" = Theme Park World "Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3® "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] 
[HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002 Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: 748 Godzina rozpoczęcia: 01cc2bfe3880bffe Godzina zakończenia: 0 Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa 0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e. [ System Events ] Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505 Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera. Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane. 
< End of report > [/log] From what I can see, everything is fine: the programs run as before and the computer even seems to work a little faster. There was a lot in temporary storage... It's my girlfriend's computer, so this is probably the first time it has been cleaned up like this.
Mateusz J. commented on 22 June 2011: In OTL, use the Cleanup (Sprzątanie) option. Clean. I recommend scanning the computer with the Malwarebytes scanner.
Gawron64 (Author) commented on 22 June 2011: So: I ran the cleanup, restarted the computer, installed and updated Malwarebytes Anti-Malware, and this is what I got:
[log]
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Wersja bazy: 6921
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
2011-06-22 22:00:22
mbam-log-2011-06-22 (21-59-58).txt
Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 148048
Upłynęło: 6 minut(y), 27 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 0
Zainfekowanych plików: 0
Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Agnieszka\AppData\Local\duq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
Zainfekowanych folderów: (Nie znaleziono zagrożeń)
Zainfekowanych plików: (Nie znaleziono zagrożeń)
[/log]
So what do I do about this?
wirusolog commented on 22 June 2011: Let MBAM remove it. You can also run a full scan with it, just for peace of mind. You can paste new OTL logs to make sure the infection has not come back, but I think that is unnecessary.
Gawron64 (Author) commented on 23 June 2011: The full scan detected this: type: Trojan.FakeAlert, category: File, object: D:/Program Files/Mozilla Firefox/0.2698259552213599.exe. I removed it to quarantine, restarted the computer and ran a full scan again. This time it found nothing. I ran an OTL scan; here are the logs:
OTL
[log]OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,45% Memory free 4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 34,43 Gb Free Space | 49,35% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe PRC - [2011-06-22 15:20:49 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Users\AGNIES~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-08-02 17:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-01-14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - 
[2008-01-19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 
09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-19 09:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-19 09:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007-05-09 10:36:38 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007-05-04 16:08:06 | 000,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007-04-26 17:00:02 | 000,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007-04-25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007-04-24 16:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007-04-23 09:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007-04-12 17:42:26 | 000,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007-04-04 12:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe PRC - [2007-03-28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMCONFIG.exe PRC - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-03-21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007-03-06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe PRC - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007-02-09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007-01-30 22:23:52 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe PRC - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006-11-10 18:06:32 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe PRC - [2006-11-07 14:57:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2006-09-08 09:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\Apoint2K\ApntEx.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe MOD - [2011-06-22 09:24:10 | 001,785,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2011-06-22 09:24:10 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2011-06-22 09:24:09 | 001,102,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2011-06-16 22:14:08 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll MOD - [2011-06-16 22:14:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll MOD - [2011-06-16 22:14:06 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-06-28 
19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-10-08 23:08:01 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 
08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2008-01-19 09:37:12 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-19 09:36:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-19 09:36:47 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-19 09:36:35 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-19 09:35:57 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-19 09:34:02 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll MOD - 
[2008-01-19 09:33:52 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2007-04-17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll MOD - [2007-04-12 17:40:04 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll MOD - [2007-04-12 17:39:48 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2007-04-12 17:39:44 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll MOD - [2007-03-17 05:19:08 | 000,237,568 | ---- | M] (HiTRSUT) -- C:\Windows\System32\keyManager.dll MOD - [2007-02-12 16:02:08 | 000,094,208 | ---- | M] (HiTRUST Inc.) -- C:\Windows\System32\MSNChatHook.dll MOD - [2007-02-07 10:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2006-11-29 21:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-05-01 20:07:22 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011-03-28 09:01:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2007-05-10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007-04-24 16:48:22 
| 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007-04-17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007-04-12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007-03-21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007-03-14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007-02-13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006-11-24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-03-28 09:01:49 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011-03-10 20:41:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-12-03 13:29:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-06-17 16:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007-05-04 16:19:24 | 002,591,232 | ---- 
| M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-04-11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007-04-11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2007-04-11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2007-03-29 16:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-02-25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-02-07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007-01-30 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006-12-07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006-12-05 14:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006-11-02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2004-04-14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-02 00:46:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-02 00:46:30 | 000,000,000 | ---D | M] [2010-04-02 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Extensions [2011-05-24 09:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions [2010-11-23 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Agnieszka\AppData\Roaming\mozilla\Firefox\Profiles\z8bj923o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml [2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml File not found (No name found) -- () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI () (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: 
(AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KMCONFIG] File not found O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) 
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: 
PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Users^Agnieszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]iPlusManager[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]LManager[/b] - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: [b]PLFSet[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\windows sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]StartCCC[/b] - hkey= - key= - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: [b]updateMgr[/b] - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]WMPNSCFG[/b] - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-23 00:13:00 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-22 21:48:25 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Malwarebytes [2011-06-22 21:45:35 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-06-22 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-06-22 21:45:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-06-22 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Local\Apps [2011-06-05 14:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FERRO Software [2011-06-05 14:54:12 | 000,796,672 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe [2011-05-28 14:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2011-05-28 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2011-05-21 22:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog 
[2011-05-21 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Agnieszka\Desktop\Theme Park World PL [2007-12-09 19:22:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007-12-09 19:22:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007-12-09 13:46:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007-06-22 15:47:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007-06-22 07:02:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-23 11:26:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-23 11:26:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-23 11:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-23 00:13:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Agnieszka\Desktop\OTL.exe [2011-06-22 23:55:19 | 000,004,608 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-22 23:55:18 | 008,480,457 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Pyramid.mov [2011-06-22 22:37:34 | 000,002,432 | ---- | M] () -- C:\Users\Agnieszka\AppData\Local\TempjF5112.html [2011-06-22 22:12:11 | 005,994,064 | ---- | M] () -- C:\Users\Agnieszka\Desktop\150strokes.mpg [2011-06-22 21:41:42 | 000,308,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-06-22 14:16:14 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-06-22 12:22:54 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-22 12:22:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-22 12:22:53 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-22 12:22:53 | 000,104,070 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2011-06-22 09:24:24 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011-06-22 09:24:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011-06-22 09:24:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-06-21 22:42:45 | 000,390,195 | ---- | M] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-06 15:27:46 | 000,000,037 | ---- | M] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,000,359 | ---- | M] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:12 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe [2011-05-30 14:31:49 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-05-30 13:49:03 | 000,000,177 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-05-29 12:39:57 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-05-25 11:15:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-21 17:14:47 | 000,000,008 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-05-02 00:46:32 | 000,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-22 23:55:17 | 000,004,608 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-22 23:54:51 | 008,480,457 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Pyramid.mov [2011-06-22 22:37:33 | 000,002,432 | ---- | C] () -- 
C:\Users\Agnieszka\AppData\Local\TempjF5112.html [2011-06-22 22:11:41 | 005,994,064 | ---- | C] () -- C:\Users\Agnieszka\Desktop\150strokes.mpg [2011-06-22 09:24:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-06-21 22:42:17 | 000,390,195 | ---- | C] () -- C:\Users\Agnieszka\Documents\171642_123358291067322_100001794552002_150002_2691038_o.jpg [2011-06-05 14:55:12 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini [2011-06-05 14:54:35 | 000,012,800 | ---- | C] () -- C:\Windows\ioctrl.dll [2011-06-05 14:54:35 | 000,000,359 | ---- | C] () -- C:\Users\Agnieszka\Desktop\Ferro - Cyfrowy Magnetowid.lnk [2011-06-05 14:54:13 | 000,007,758 | ---- | C] () -- C:\Windows\Polish_PL.gpl [2011-05-25 11:15:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011-05-21 22:18:52 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Theme Park World.lnk [2011-05-02 00:46:32 | 000,000,664 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-03-30 19:27:47 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_3 [2011-03-30 15:43:43 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_1 [2011-03-30 15:43:42 | 000,000,177 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\D2Info0 [2011-03-30 15:43:42 | 000,000,008 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\DofusAppId0_2 [2011-03-11 01:02:01 | 000,000,346 | ---- | C] () -- C:\Windows\THPS3.INI [2010-04-19 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-04-05 22:00:02 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-05 22:00:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-05 21:59:59 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-04-05 21:59:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-05 21:59:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-12-26 
20:56:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-12-26 20:56:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-05-11 02:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2009-05-11 01:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2009-05-11 01:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2009-05-11 01:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2009-02-23 10:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008-03-03 19:12:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2008-01-27 21:58:22 | 000,031,007 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\UserTile.png [2008-01-06 20:59:38 | 000,008,268 | ---- | C] () -- C:\Users\Agnieszka\AppData\Local\d3d9caps.dat [2007-12-10 05:17:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007-12-10 05:17:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007-12-10 05:17:26 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007-12-10 05:17:18 | 000,000,111 | ---- | C] () -- C:\Windows\Alaunch.ini [2007-12-10 05:17:18 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007-12-09 14:39:33 | 000,140,825 | ---- | C] () -- C:\Windows\hpoins18.dat [2007-12-09 14:05:44 | 000,000,438 | ---- | C] () -- C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat [2007-12-09 13:46:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007-06-22 18:11:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007-06-22 15:47:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007-06-22 07:04:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007-06-22 07:02:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007-06-22 07:02:29 | 000,015,656 | ---- | C] () -- 
C:\Windows\System32\drivers\int15_64.sys [2007-06-22 07:02:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007-06-22 06:56:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007-04-12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007-04-12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007-04-12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007-04-12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007-04-12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007-04-12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006-12-05 07:19:18 | 000,672,140 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,130,516 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,308,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- 
C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color=#E56717]========== LOP Check ==========[/color] [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\app [2011-03-10 20:47:05 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\DAEMON Tools Lite [2011-05-19 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus 2 [2011-03-30 15:43:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-03-30 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011-06-22 15:55:29 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\foobar2000 [2008-02-12 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu [2011-06-21 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Gadu-Gadu 10 [2011-05-28 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Guitar Pro 6 [2008-03-25 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Image Zone Express [2008-01-27 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\PeerNetworking [2007-12-31 00:33:25 | 000,000,000 | 
---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Printer Info Cache [2011-04-07 15:23:42 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\RDRM [2011-03-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010-11-18 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Template [2008-03-03 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Agnieszka\AppData\Roaming\Zylom [2011-06-23 00:20:55 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2007-12-09 13:43:14 | 000,000,090 | ---- | M] () -- C:\Arcade.log [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007-06-22 15:47:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-12-09 15:06:48 | 000,002,688 | ---- | M] () -- C:\LGSInst.Log [2011-03-07 13:59:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-23 11:25:49 | 2459,308,032 | -HS- | M] () -- C:\pagefile.sys [2011-03-04 18:09:00 | 000,000,090 | ---- | M] () -- C:\SDMA.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008-02-14 16:22:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) 
MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < End of report > [/log] Extras [log]OTL Extras logfile created on: 2011-06-23 12:43:11 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Agnieszka\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,45% Memory free 4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 34,43 Gb Free Space | 49,35% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 28,75 Gb Free Space | 41,36% Space Free | Partition Type: NTFS Computer Name: AGNIESZKA-PC | User Name: Agnieszka | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1927381883-965897952-3804920171-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0781E6F3-CBAC-41B1-B535-320186434B60}" = rport=10243 | protocol=6 | dir=out | app=system | "{1888D085-FEF8-46ED-B49D-02919290F45B}" = lport=138 | protocol=17 | dir=in | app=system | "{193D6798-FDFF-48BE-90E3-553354DB273E}" = rport=139 | protocol=6 | dir=out | app=system | "{2D51BAE2-F41F-445D-B6A5-932BBCD9D017}" = rport=138 | protocol=17 | dir=out | app=system | "{3B69EF96-DD4E-49FA-A1CF-D0503DFEC0D4}" = rport=445 | protocol=6 | dir=out | app=system | "{3D265F48-ADEE-47C3-A144-C283DD6E9C03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47D5BE8D-23FA-4A94-B1A4-5845728F6DF2}" = lport=139 | protocol=6 | dir=in | app=system | "{50EF5F05-5F1D-438E-85FA-7F0B4D5BB339}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52EAE5EA-3304-4660-B96D-1AA97024AC27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57BE9916-AFB6-44B2-AC17-B3957E183882}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5911028F-755F-40CE-AD51-2E191FBE961D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5DFD6505-35D6-40F4-8B29-7F181201DC60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D520662-3FC2-4AFA-8914-FCDE1309D170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84017392-89A1-434C-9772-58A5E25F920A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{8D2732BE-A227-4D33-8254-6455053F0344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2BA9165-582B-46FF-8449-BA67927AFDDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3569311-9FDE-4CE1-BEA9-3B90114A3510}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD995F94-3F09-4810-8610-936627D8070C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF209183-CC8B-414D-AE46-40599F584C22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CE477DB1-6C1C-4C1E-AE91-913D8D9B096D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEBC9DC5-1FF1-4872-85FE-ECF1C070FABA}" = rport=137 | protocol=17 | dir=out | app=system | "{D98CB560-7F9A-4945-B8D5-33A11BB380B6}" = lport=137 | protocol=17 | dir=in | app=system | "{D99F8A24-BC69-4861-8ED4-0010B468C61D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E6A482A6-9833-4794-94FD-F0C5F09200A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F140E891-77CA-44D4-AB30-98B346377639}" = lport=445 | protocol=6 | dir=in | app=system | "{F3D101DF-19A8-4ECA-99EA-9CBBFDA7E26A}" = lport=10243 | protocol=6 | dir=in | app=system | "{F9FA48C7-7135-4189-984B-4704795E2C56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F9340BA-0B59-464D-9C1D-1CF30A049B8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0FAB4390-DED5-4CD9-B326-E6E07C0D2BE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FC4C661-4453-4179-A2DC-06DF743512B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2887C6FC-1239-4907-906D-7D33C364C3A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2A2779D8-434F-46DF-AF50-56EC14AEC26B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2B835D5F-3B96-4979-9506-9826AE939C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{32532499-EEA0-4B04-8EB5-E25E0D0911F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{467B6CD4-CACF-44C7-B0A8-DD9F958210DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{52E33C4D-2CDE-4C4C-9868-266B19DF0D56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{593820B2-8066-4234-AC3E-6AFB0FA2A92A}" = protocol=17 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{5ABA27A0-C741-4A36-815E-F74CC172A4C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F90CB70-4F47-4B2E-A176-0A3D84CE06D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{64DB38BF-FD8F-4280-8AA1-6009E45DB20C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{666A7958-8480-4BA9-9393-FC04ED4448EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8FBE5C52-2F05-4918-9046-960DE7F1248C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{912EAABC-AE9B-434B-8F67-BBC91B2596C1}" = protocol=6 | dir=in | app=c:\users\agnieszka\appdata\local\temp\7zs642e.tmp\symnrt.exe | "{A3E52BA3-3309-420A-9BC1-F88B9FCB40A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A7D01999-B116-4C61-B7DA-D4FE24462CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC9C2A62-C16A-4D0C-BC50-BA03DAD0F44C}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{B0D6AF9B-D805-459F-B947-55BF3AF4AE04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA838AD0-6D74-4807-B28D-E38B93C59073}" = protocol=6 | dir=out | app=system | "{C2A6B2F7-74AC-4D3B-8BE3-FE6B9E05FD91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{40CB16D2-8B36-4593-8566-5AF371BCFD25}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{6751CE20-2CC7-44BD-8116-4D8E4A2F9A6B}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{77AC90BE-6C5C-4EF9-AC4F-0D8FDED92EB4}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{F081163F-4287-4771-883B-00965B6FE891}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{25D6CD52-B60C-4D2A-9EC8-DF294B46A70E}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{9E7BDCD2-8822-42A2-B8F0-6F9C53DF5DA6}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{B56E7979-1CE6-4DB3-B15B-14C4554D480D}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{FD3F418A-3452-4FE3-8859-A36947380258}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08021248-88B6-E67B-CFD0-7B2C690CF37F}" = Catalyst Control Center Localization Russian "{0ABBC013-7CF3-FEAE-8851-A4A290DC3D93}" = Catalyst Control Center Localization Norwegian "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0E290898-A92A-682B-84BC-791E4B51D39E}" = Catalyst 
Control Center Localization Finnish "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{196654EB-009F-6E50-7BAB-CE60C89AE403}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2A5050FE-B629-D35A-38F3-89B353477674}" = Catalyst Control Center Localization Spanish "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding "{3838E2BF-91E8-730A-9C1C-4D73A9A08A91}" = Catalyst Control Center Graphics Light "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB8A7B1-2EEB-56AF-A877-5742D2B18BEC}" = Catalyst Control Center Localization Dutch "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix "{429CEC54-6DE7-C63D-EB89-518AAB6F0E35}" = Catalyst Control Center Localization Korean "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4E55CE14-FC19-0D1F-E603-9CB92DBD9E7E}" = Catalyst Control Center Localization Italian "{5204EE13-A206-ED46-8AD6-5102491DE3B6}" = Catalyst Control Center Localization Portuguese "{54ADF8E0-E14A-6C4E-9D60-51637D6576BE}" = Catalyst Control Center Localization Czech "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver 
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{62355C0D-A1AC-0C50-582A-83F08692D1A4}" = Catalyst Control Center Localization Danish "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6A904BEA-D1B5-3077-E82D-239262DCE266}" = Catalyst Control Center Localization Thai "{6CF2361C-E085-E644-9503-D2755C98D1B7}" = Catalyst Control Center Localization German "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A2E65F0-FCD3-50F7-CD3A-D17E01D9B22D}" = Catalyst Control Center Localization Japanese "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7CD88B0E-CC14-20C4-AAD7-310883457848}" = ccc-utility "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DAE66B9-3D2C-870A-AC1F-D98D56B2E48D}" = Catalyst Control Center Localization Chinese Standard "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" 
= Destinations "{9B850277-4198-1D44-B7BD-CA8D4DCEE620}" = Catalyst Control Center Localization Polish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FDBB8DB-753F-6482-DB5E-2B7DA5577053}" = Catalyst Control Center Localization Chinese Traditional "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEA296D6-0F45-5B8E-FA16-6D553D5E6149}" = Catalyst Control Center Core Implementation "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{BFC7B8B9-37A3-F118-8929-8D6C0E52E9B2}" = Catalyst Control Center Localization Hungarian "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C28512D7-66A1-2EF6-94F3-6A458BD76419}" = Catalyst Control Center Localization Greek "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C99B5FE7-A85C-77A6-64BD-644358B01A45}" = Catalyst Control Center Localization Turkish "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = 
LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE992AB2-28A0-4A92-01B8-970606F7B2A4}" = Catalyst Control Center Localization French "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D8FC2439-A2CA-6EEC-523D-8470C7967533}" = Catalyst Control Center Localization Swedish "{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E9AD90C1-6281-45AB-9458-098D2EF770A1}" = Microsoft Works "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Uninstaller" = ATI Uninstaller "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "FERRO Cyfrowy Magnetowid" = FERRO Cyfrowy Magnetowid "foobar2000" = foobar2000 v0.9.6.9 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "GridVista" = Acer GridVista "Guitar Pro 5_is1" = Guitar Pro 5.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver 
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.0.1200 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl) "RealAlt_is1" = Real Alternative 2.0.1 "Theme Park World" = Theme Park World "Tony Hawk's Pro Skater 3®" = Tony Hawk's Pro Skater 3® "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 
Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-14 15:23:23 | Computer Name = Agnieszka-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-06-16 08:26:03 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002 Description = Program Explorer.EXE w wersji 6.0.6002.18005 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 748 Godzina rozpoczęcia: 01cc2bfe3880bffe Godzina zakończenia: 0 Error - 2011-06-22 02:55:07 | Computer Name = Agnieszka-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd duq.exe, wersja 0.0.0.0, sygnatura czasowa 0x4deeb2e7, moduł powodujący błąd mshtml.dll, wersja 8.0.6001.19088, sygnatura czasowa 0x4de090ed, kod wyjątku 0xc0000005, przesunięcie błędu 0x000aac94, identyfikator procesu 0xb38, godzina rozpoczęcia aplikacji 0x01cc30a92c1f5f5e. Error - 2011-06-22 18:20:28 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002 Description = Program mbam.exe w wersji 1.51.0.1074 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: 1598 Godzina rozpoczęcia: 01cc3129e0989208 Godzina zakończenia: 7 Error - 2011-06-22 18:20:41 | Computer Name = Agnieszka-PC | Source = Application Hang | ID = 1002 Description = Program OTL.exe w wersji 3.2.24.1 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 11cc Godzina rozpoczęcia: 01cc31298fe11e48 Godzina zakończenia: 6 [ System Events ] Error - 2010-02-20 06:18:22 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-20 06:18:31 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-20 06:22:58 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-21 09:57:29 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-21 09:57:37 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-21 09:59:40 | Computer Name = Agnieszka-PC | Source = Server | ID = 2505 Description = Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{147BB2B6-5102-4A12-8896-DEB2A99F3E2F}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera. Error - 2010-02-21 11:15:02 | Computer Name = Agnieszka-PC | Source = DCOM | ID = 10010 Description = Error - 2010-02-22 11:47:31 | Computer Name = Agnieszka-PC | Source = HTTP | ID = 15016 Description = Error - 2010-02-22 11:47:40 | Computer Name = Agnieszka-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2010-02-23 02:32:59 | Computer Name = Agnieszka-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 17:38:05 na 2010-02-22 było nieoczekiwane. < End of report > [/log]
wirusolog commented 23 June 2011 No infection. A minor fix: [hr] [b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:
[code]:OTL
MsConfig - StartUpReg: iPlusManager - hkey= - key= - File not found
MsConfig - StartUpReg: PLFSet - hkey= - key= - File not found
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [KMCONFIG] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
[2010-10-19 21:27:22 | 000,000,929 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\conduit.xml
[2011-03-10 20:40:55 | 000,002,059 | ---- | M] () -- C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\z8bj923o.default\searchplugins\daemon-search.xml
File not found (No name found) --
() (No name found) -- C:\USERS\AGNIESZKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8BJ923O.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1927381883-965897952-3804920171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
:Files
C:\Users\Agnieszka\AppData\Local\TempjF5112.html
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.stronastartowa.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.stronastartowa.com/"
:Commands
[emptyflash]
[emptytemp][/code]
Click [b]Wykonaj skrypt[/b] (Run Fix). Confirm the computer restart.
[b]2.[/b] After the restart, launch OTL and click [b]Sprzątanie[/b] (CleanUp).
I think that's about it.
Gawron64 commented 23 June 2011 (Author) I did what was written in the post above. Is there anything else I should do? Should I post the OTL logs? Run an MBAM scan? I would like to be sure that everything is clean and that nobody is spying on what I do on the laptop... If that is all, thank you very much for the help and the expert advice.
wirusolog commented 24 June 2011 If you like, you can also post logs from [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/u][/color][/b][/url] + [url=http://www.hotfix.pl/instrukcja-obslugi-tdsskiller-a341.htm][b][color=blue][u]TDSSKiller[/u][/color][/b][/url]. OTL logs: don't post them. You can run an MBAM scan, although from my point of view it is [b]unnecessary[/b].