x-kom hosting

Brak pliku eksplorasi.exe

fr33sty13
utworzono
utworzono (edytowane)

Witam, jestem zielony w sprawach związanych z komputerem ale po ostatnim skanie prawdopodobnie usunąłem plik eksplorasi.exe. Teraz gdy włączam kompa to okno "Zapraszamy" traw długo i wyskakuje na starcie błąd (ten ze screena w załączniku), jak to naprawić? usunąć błąd oraz żeby Zapraszamy nie trwało tak długo. Mam windowsa XP.

[color="#FF0000"]//przenoszę do Bezpieczeństwa
//dan[/color]

Mateusz J.
komentarz
komentarz

Wykonaj logi z OTL oraz RSIT: http://www.forumpc.pl/index.php?showtopic=104338

  • 3 tygodnie później...
fr33sty13
komentarz
komentarz

Logi z RSIT:

log.txt

[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-14 08:52:13
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 4 GB (41%) free of 10 GB
Total RAM: 510 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:52:36, on 2011-07-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Pob®ania™\OTL.exe
D:\Pob®ania™\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: </style>
O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>
O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>
O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright &copy; 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1286622790&f=us-w8" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PCPerf] "D:\Smartalec PC Aceelerator 2005 Trial Demo\pcperf.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs
O4 - HKCU\..\Run: [ALLUpdate] "D:\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Zmg.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{58837000-74A3-4CBD-ABED-6CA30B3F7F3F}: NameServer = 194.204.159.1 194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

--
End of file - 13713 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\XMUODFNRDI.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\n835e5ik.default

prefs.js - "browser.startup.homepage" - "http://www.google.pl"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=D:\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=D:\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

D:\Mozilla Firefox\extensions\
testpilot@labs.mozilla.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

D:\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-14 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe []
"UnlockerAssistant"=D:\Unlocker\UnlockerAssistant.exe []
"PCPerf"=D:\Smartalec PC Aceelerator 2005 Trial Demo\pcperf.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AdslTaskBar"=stmctrl.dll,TaskBar []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Bron-Spizaetus"=C:\WINDOWS\ShellNew\sempalong.exe []
"MSRegInfo"=C:\WINDOWS\pagefile.sys.vbs [2011-06-17 3478]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=D:\ALLPlayer\ALLUpdate.exe sleep []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"0ESKOMO9JO"=C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Zmg.exe []
"nod32"=C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\nodqq.exe [2010-05-09 111616]
"Tok-Cirrhatus"=C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\smss.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
mdhcp32.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1
"NoStrCmpLogical"=1
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoChangeAnimation"=1
"NoStrCmpLogical"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Nowe Gadu-Gadu\gg.exe"="D:\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"D:\GoD\GoD.exe"="D:\GoD\GoD.exe:*:Enabled:GoD"
"D:\Counter-Strike 1.6 Non Steam\hl.exe"="D:\Counter-Strike 1.6 Non Steam\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Counter-Strike 1.6\hl.exe"="D:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\totalcmd\TOTALCMD.EXE"="D:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Metin 2\metin2.bin"="D:\Metin 2\metin2.bin:*:Enabled:metin2"
"D:\Counter-Strike 1.6\hltv.exe"="D:\Counter-Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Counter-Strike 1.6\hlds.exe"="D:\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Need For Speed - Underground 2\speed2.exe"="D:\Need For Speed - Underground 2\speed2.exe:*:Enabled:speed2"
"D:\Need for Speed Most Wanted\speed.exe"="D:\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"D:\Steam\steamapps\stilon1\counter-strike\hl.exe"="D:\Steam\steamapps\stilon1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Steam\steamapps\stilon1\day of defeat\hl.exe"="D:\Steam\steamapps\stilon1\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Steam\steamapps\stilon1\deathmatch classic\hl.exe"="D:\Steam\steamapps\stilon1\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Steam\steamapps\vagos26081995\counter-strike\hl.exe"="D:\Steam\steamapps\vagos26081995\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Postal STP\System\Postal2MP.exe"="D:\Postal STP\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Documents and Settings\Administrator\Pulpit\TOTALCMD.EXE"="C:\Documents and Settings\Administrator\Pulpit\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Gadu-Gadu 10\gg.exe"="D:\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\WINDOWS\Temp\~os5.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os5.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Total Commander\TOTALCMD.EXE"="D:\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Pob®ania™\Quake III Arena\quake3.exe"="D:\Pob®ania™\Quake III Arena\quake3.exe:*:Enabled:quake3"
"D:\Quake III Arena\quake3.exe"="D:\Quake III Arena\quake3.exe:*:Disabled:quake3"
"D:\mIRC\mirc.exe"="D:\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\KVIrc\kvirc.exe"="D:\KVIrc\kvirc.exe:*:Enabled:kvirc"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Metin2\metin2.bin"="D:\Metin2\metin2.bin:*:Enabled:metin2"
"D:\Metin2\metin2client.bin"="D:\Metin2\metin2client.bin:*:Enabled:metin2client"
"D:\Steam\steamapps\fr33sty13pl\counter-strike\hl.exe"="D:\Steam\steamapps\fr33sty13pl\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"msacm.divxa32"=msaud32_divx.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 2 months======

2011-07-14 08:52:14 ----D---- C:\Program Files\trend micro
2011-07-14 08:52:13 ----D---- C:\rsit
2011-06-17 14:52:06 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-07 22:31:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype Extras
2011-06-07 22:30:45 ----D---- C:\Program Files\Common Files\Skype
2011-06-07 22:30:42 ----RD---- C:\Program Files\Skype
2011-06-01 07:01:11 ----RASH---- C:\WINDOWS\pagefile.sys.vbs
2011-06-01 07:01:11 ----RASH---- C:\pagefile.sys.vbs
2011-05-26 20:38:20 ----A---- C:\WINDOWS\system32\shimg.dll
2011-05-20 20:42:53 ----RSH---- C:\9rfpp.exe

======List of files/folders modified in the last 2 months======

2011-07-14 08:52:36 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-14 08:52:14 ----D---- C:\Program Files
2011-07-14 08:44:50 ----D---- C:\WINDOWS\Prefetch
2011-07-14 00:22:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-13 17:00:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-13 12:49:07 ----D---- C:\WINDOWS\system32\drivers
2011-07-13 09:44:24 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-07-10 00:04:52 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2011-07-03 13:55:04 ----D---- C:\Program Files\Opera
2011-06-19 12:28:25 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-06-17 18:12:53 ----D---- C:\WINDOWS\Temp
2011-06-17 17:56:40 ----D---- C:\WINDOWS\system32
2011-06-17 15:34:45 ----D---- C:\WINDOWS\ShellNew
2011-06-17 15:33:32 ----D---- C:\WINDOWS
2011-06-17 13:59:56 ----SH---- C:\AUTOEXEC.BAT
2011-06-09 21:25:56 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-09 21:25:51 ----HD---- C:\WINDOWS\inf
2011-06-09 21:25:16 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-09 21:24:54 ----SHD---- C:\WINDOWS\Installer
2011-06-09 21:24:48 ----D---- C:\Program Files\LG Electronics
2011-06-08 15:55:39 ----DC---- C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2011-06-08 08:02:07 ----DC---- C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2011-06-07 22:30:45 ----D---- C:\Program Files\Common Files
2011-06-07 22:30:41 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2011-05-23 00:07:05 ----DC---- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
2011-05-20 20:57:43 ----D---- C:\WINDOWS\Minidump
2011-05-15 00:30:44 ----DC---- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-09 436792]
R0 tffsport;M-Systems DiskOnChip 2000; C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 149376]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2002-11-12 99840]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-01-27 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 684265]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wh78;wh78; \??\D:\Pobrania\WallHack - sXe-I 7.8 all fixes\wh78.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-14 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\system32\NMSSvc.exe [2002-07-30 1118208]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
[/log]

info.txt

[log]info.txt logfile of random's system information tool 1.09 2011-07-14 08:52:38

======Uninstall list======

-->D:\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 9.17 beta-->"D:\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ADSL Modem-->rundll32.exe stmcfg32.dll,Uninstall
Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Archiwizator WinRAR-->D:\WinRAR\uninstall.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Counter-Strike-->"D:\Steam\steam.exe" steam://uninstall/10
Free eXPert PDF Reader-->MsiExec.exe /X{487C2D48-A9E3-4F34-92BD-B6A847025C16}
Gadu-Gadu 10-->D:\Gadu-Gadu 10\Uninstall.exe
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GOM Player-->"D:\GomPlayer\Uninstall.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Intel® PRO Network Adapters WMI Provider (2.0)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C701994-43D2-4B7B-A548-C6E6C224D9A9}\setup.exe"
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
KVIrc-->"D:\KVIrc\uninstall.exe" _?=D:\KVIrc
LG MC USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6059C682-4C5F-4106-8487-943E98225D3B}\setup.exe" -l0x15 -removeonly
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0015 -removeonly
LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
Metin2-->"D:\Metin2\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 6.0 (x86 pl)-->D:\Mozilla Firefox\uninstall\helper.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 11.50-->"C:\Program Files\Opera\Opera.exe" /uninstall
Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Real Alternative 2.0.2-->"D:\Real Alternative\unins000.exe"
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3 Client-->"D:\TeamSpeak3\uninstall.exe"
Total Commander (Remove or Repair)-->D:\Total Commander\tcuninst.exe
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

======Hosts File======

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
<style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

======System event log======

Computer Name: KOLP
Event Code: 7036
Message: Usługa Menedżer połączeń usługi Dostęp zdalny weszła w stan uruchomienia.

Record Number: 15247
Source Name: Service Control Manager
Time Written: 20110618121024.000000+120
Event Type: informacje
User:

Computer Name: KOLP
Event Code: 7035
Message: Do usługi Menedżer połączeń usługi Dostęp zdalny został pomyślnie wysłany kod sterowania uruchom.

Record Number: 15246
Source Name: Service Control Manager
Time Written: 20110618121024.000000+120
Event Type: informacje
User: KOLP\Administrator

Computer Name: KOLP
Event Code: 7036
Message: Usługa Telefonia weszła w stan uruchomienia.

Record Number: 15245
Source Name: Service Control Manager
Time Written: 20110618121024.000000+120
Event Type: informacje
User:

Computer Name: KOLP
Event Code: 7036
Message: Usługa Rozpoznawanie lokalizacji w sieci (NLA) weszła w stan uruchomienia.

Record Number: 15244
Source Name: Service Control Manager
Time Written: 20110618121024.000000+120
Event Type: informacje
User:

Computer Name: KOLP
Event Code: 7035
Message: Do usługi Rozpoznawanie lokalizacji w sieci (NLA) został pomyślnie wysłany kod sterowania uruchom.

Record Number: 15243
Source Name: Service Control Manager
Time Written: 20110618121024.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: KOLP
Event Code: 1041
Message: System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji.

Record Number: 1158
Source Name: Userenv
Time Written: 20110530234456.000000+120
Event Type: błąd
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KOLP
Event Code: 1041
Message: System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji.

Record Number: 1157
Source Name: Userenv
Time Written: 20110530234456.000000+120
Event Type: błąd
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KOLP
Event Code: 4609
Message: Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błąd.
Record Number: 1156
Source Name: EventSystem
Time Written: 20110530220413.000000+120
Event Type: błąd
User:

Computer Name: KOLP
Event Code: 1041
Message: System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji.

Record Number: 1155
Source Name: Userenv
Time Written: 20110530215755.000000+120
Event Type: błąd
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KOLP
Event Code: 1041
Message: System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji.

Record Number: 1154
Source Name: Userenv
Time Written: 20110530215755.000000+120
Event Type: błąd
User: ZARZĄDZANIE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

Logi z OTL

Extras.Txt

[log]OTL Extras logfile created on: 2011-07-14 08:47:27 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Pob®ania™
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

509,99 Mb Total Physical Memory | 307,45 Mb Available Physical Memory | 60,29% Memory free
1,22 Gb Paging File | 1,07 Gb Available in Paging File | 87,63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,97 Gb Free Space | 40,60% Space Free | Partition Type: NTFS
Drive D: | 27,50 Gb Total Space | 18,50 Gb Free Space | 67,27% Space Free | Partition Type: NTFS

Computer Name: KOLP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Explore] -- explorer.exe /e,/root,/idlist,%i (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"D:\Nowe Gadu-Gadu\gg.exe" = D:\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
"D:\GoD\GoD.exe" = D:\GoD\GoD.exe:*:Enabled:GoD
"D:\Counter-Strike 1.6 Non Steam\hl.exe" = D:\Counter-Strike 1.6 Non Steam\hl.exe:*:Enabled:Half-Life Launcher
"D:\Counter-Strike 1.6\hl.exe" = D:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher
"D:\totalcmd\TOTALCMD.EXE" = D:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit
"D:\Metin 2\metin2.bin" = D:\Metin 2\metin2.bin:*:Enabled:metin2
"D:\Counter-Strike 1.6\hltv.exe" = D:\Counter-Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher
"D:\Counter-Strike 1.6\hlds.exe" = D:\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher
"D:\Need For Speed - Underground 2\speed2.exe" = D:\Need For Speed - Underground 2\speed2.exe:*:Enabled:speed2
"D:\Need for Speed Most Wanted\speed.exe" = D:\Need for Speed Most Wanted\speed.exe:*:Enabled:speed
"D:\Steam\steamapps\stilon1\counter-strike\hl.exe" = D:\Steam\steamapps\stilon1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
"D:\Steam\steamapps\stilon1\day of defeat\hl.exe" = D:\Steam\steamapps\stilon1\day of defeat\hl.exe:*:Enabled:Half-Life Launcher
"D:\Steam\steamapps\stilon1\deathmatch classic\hl.exe" = D:\Steam\steamapps\stilon1\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher
"D:\Steam\steamapps\vagos26081995\counter-strike\hl.exe" = D:\Steam\steamapps\vagos26081995\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
"D:\Postal STP\System\Postal2MP.exe" = D:\Postal STP\System\Postal2MP.exe:*:Enabled:Postal2MP
"C:\Documents and Settings\Administrator\Pulpit\TOTALCMD.EXE" = C:\Documents and Settings\Administrator\Pulpit\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Gadu-Gadu 10\gg.exe" = D:\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\WINDOWS\Temp\~os5.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os5.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Total Commander\TOTALCMD.EXE" = D:\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"D:\Pob®ania™\Quake III Arena\quake3.exe" = D:\Pob®ania™\Quake III Arena\quake3.exe:*:Enabled:quake3
"D:\Quake III Arena\quake3.exe" = D:\Quake III Arena\quake3.exe:*:Disabled:quake3
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC
"D:\KVIrc\kvirc.exe" = D:\KVIrc\kvirc.exe:*:Enabled:kvirc -- ()
"D:\Steam\Steam.exe" = D:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Metin2\metin2.bin" = D:\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"D:\Metin2\metin2client.bin" = D:\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"D:\Steam\steamapps\fr33sty13pl\counter-strike\hl.exe" = D:\Steam\steamapps\fr33sty13pl\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{487C2D48-A9E3-4F34-92BD-B6A847025C16}" = Free eXPert PDF Reader
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"7-Zip" = 7-Zip 9.17 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Gadu-Gadu 10" = Gadu-Gadu 10
"GOM Player" = GOM Player
"KVIrc" = KVIrc
"Metin2_is1" = Metin2
"Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 11.50.1074" = Opera 11.50
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealAlt_is1" = Real Alternative 2.0.2
"Steam App 10" = Counter-Strike
"StmAdsl" = ADSL Modem
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = Archiwizator WinRAR
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-21 15:39:11 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-21 15:39:11 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-21 15:39:12 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-21 15:39:12 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-21 15:39:23 | Computer Name = KOLP | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-06-21 15:39:24 | Computer Name = KOLP | Source = VSS | ID = 8193
Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas
wywoływania procedury CoCreateInstance. hr = 0x80040206.

Error - 2011-06-21 15:40:52 | Computer Name = KOLP | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-06-22 04:14:01 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-22 04:14:02 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

Error - 2011-06-22 04:14:02 | Computer Name = KOLP | Source = Userenv | ID = 1041
Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla
aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana.
Prawdopodobną przyczyną jest błąd rejestracji.

[ System Events ]
Error - 2011-07-13 10:52:23 | Computer Name = KOLP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2

Error - 2011-07-13 10:52:23 | Computer Name = KOLP | Source = Service Control Manager | ID = 7001
Description = Usługa Zawiadomienie o zdarzeniu systemowym zależy od usługi System
zdarzeń COM+, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-07-13 13:58:50 | Computer Name = KOLP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-07-13 18:22:22 | Computer Name = KOLP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-07-14 02:36:08 | Computer Name = KOLP | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000035'
podczas przetwarzania pliku 'ntuser.ini' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2011-07-14 02:36:27 | Computer Name = KOLP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-07-14 02:36:34 | Computer Name = KOLP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-07-14 02:36:57 | Computer Name = KOLP | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000035'
podczas przetwarzania pliku '9rfpp.exe' w woluminie 'HarddiskVolume2'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2011-07-14 02:37:50 | Computer Name = KOLP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego
błędu: %%2

Error - 2011-07-14 02:37:50 | Computer Name = KOLP | Source = Service Control Manager | ID = 7001
Description = Usługa Zawiadomienie o zdarzeniu systemowym zależy od usługi System
zdarzeń COM+, której nie można uruchomić z powodu następującego błędu: %%1058


< End of report >
[/log]

OTL.Txt

[log]OTL logfile created on: 2011-07-14 08:47:27 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Pob®ania™
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

509,99 Mb Total Physical Memory | 307,45 Mb Available Physical Memory | 60,29% Memory free
1,22 Gb Paging File | 1,07 Gb Available in Paging File | 87,63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,97 Gb Free Space | 40,60% Space Free | Partition Type: NTFS
Drive D: | 27,50 Gb Total Space | 18,50 Gb Free Space | 67,27% Space Free | Partition Type: NTFS

Computer Name: KOLP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-14 08:38:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Pob®ania™\OTL.exe
PRC - [2010-11-14 00:52:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-08-06 20:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-02-09 12:10:45 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-04 00:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-04 00:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2004-02-10 11:51:30 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-14 08:38:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Pob®ania™\OTL.exe
MOD - [2011-07-14 08:36:28 | 000,071,168 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq0.dll
MOD - [2010-04-16 17:37:04 | 000,664,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2010-04-16 17:37:04 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-10-25 23:47:32 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-09-04 22:47:54 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009-06-25 10:48:08 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 17:18:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:21:24 | 001,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:22:08 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:22:06 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 15:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-07-03 15:16:27 | 008,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004-08-04 00:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2004-08-04 00:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2004-08-04 00:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2004-08-04 00:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2004-08-04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-04 00:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-04 00:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004-08-04 00:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2004-08-04 00:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2004-08-04 00:44:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2004-08-04 00:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-04 00:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2004-08-04 00:42:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2002-07-30 16:15:24 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-10-09 19:26:25 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-11-11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-11-11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-11-11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006-05-25 19:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 23:00:06 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2004-08-03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-08-12 18:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002-10-15 15:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002-07-30 16:15:40 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-839522115-1364589140-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Mozilla Firefox\components [2011-07-10 16:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Mozilla Firefox\plugins

[2010-10-09 13:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2011-07-10 16:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\n835e5ik.default\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\N835E5IK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010-11-14 00:52:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010-10-09 13:17:28 | 000,012,407 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs ()
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [PCPerf] File not found
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [0ESKOMO9JO] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [ALLUpdate] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [nod32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq.exe ()
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [Tok-Cirrhatus] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\mdhcp32: DllName - mdhcp32.dll - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-06-17 13:59:56 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-07-14 08:47:49 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-07-14 08:47:49 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{168a9f44-864a-11e0-adb6-0008741f48b6}\Shell - "" = AutoRun
O33 - MountPoints2\{168a9f44-864a-11e0-adb6-0008741f48b6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O33 - MountPoints2\{36d34f44-057d-11de-a6ed-806d6172696f}\Shell\AutoRun\command - "" = D:\9rfpp.exe -- [2010-05-09 20:35:16 | 000,111,616 | RHS- | M] ()
O33 - MountPoints2\{36d34f44-057d-11de-a6ed-806d6172696f}\Shell\open\Command - "" = D:\9rfpp.exe -- [2010-05-09 20:35:16 | 000,111,616 | RHS- | M] ()
O33 - MountPoints2\{49cbfde2-9f51-11d6-9e91-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{49cbfde2-9f51-11d6-9e91-806d6172696f}\Shell\AutoRun\command - "" = G:\Uruchom.exe
O33 - MountPoints2\{69411fc0-8307-11e0-a1d7-0008741f48b6}\Shell\AutoRun\command - "" = E:\9rfpp.exe
O33 - MountPoints2\{69411fc0-8307-11e0-a1d7-0008741f48b6}\Shell\open\Command - "" = E:\9rfpp.exe
O33 - MountPoints2\{6da8d36a-6cd2-11de-b009-0008741f48b6}\Shell\AutoRun\command - "" = -.exe
O33 - MountPoints2\{6da8d36a-6cd2-11de-b009-0008741f48b6}\Shell\explore\Command - "" = -.exe
O33 - MountPoints2\{6da8d36a-6cd2-11de-b009-0008741f48b6}\Shell\open\Command - "" = -.exe
O33 - MountPoints2\{9035ddcc-9e8e-11de-b165-0008741f48b6}\Shell\AutoRun\command - "" = E:\9rfpp.exe
O33 - MountPoints2\{9035ddcc-9e8e-11de-b165-0008741f48b6}\Shell\open\Command - "" = E:\9rfpp.exe
O33 - MountPoints2\{960ca541-92bd-11e0-b394-0008741f48b6}\Shell - "" = AutoRun
O33 - MountPoints2\{960ca541-92bd-11e0-b394-0008741f48b6}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{97299cc1-8571-11e0-a239-0008741f48b6}\Shell\AutoRun\command - "" = E:\9rfpp.exe
O33 - MountPoints2\{97299cc1-8571-11e0-a239-0008741f48b6}\Shell\open\Command - "" = E:\9rfpp.exe
O33 - MountPoints2\{97299cc2-8571-11e0-a239-0008741f48b6}\Shell\AutoRun\command - "" = F:\9rfpp.exe
O33 - MountPoints2\{97299cc2-8571-11e0-a239-0008741f48b6}\Shell\open\Command - "" = F:\9rfpp.exe
O33 - MountPoints2\{bc00c35a-9f50-11d6-8d06-00087415b9e5}\Shell\AutoRun\command - "" = C:\9rfpp.exe -- [2010-05-09 20:35:16 | 000,111,616 | RHS- | M] ()
O33 - MountPoints2\{bc00c35a-9f50-11d6-8d06-00087415b9e5}\Shell\open\Command - "" = C:\9rfpp.exe -- [2010-05-09 20:35:16 | 000,111,616 | RHS- | M] ()
O33 - MountPoints2\{d2c8fb04-9f51-11d6-8c7e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d2c8fb04-9f51-11d6-8c7e-806d6172696f}\Shell\AutoRun\command - "" = G:\Uruchom.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-17 14:52:06 | 000,016,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-06-17 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
[2011-06-16 14:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
[2011-06-15 14:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-15
[2011-06-07 22:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype Extras
[2011-06-07 22:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype
[2011-06-07 22:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-06-07 22:30:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011-06-06 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-6
[2011-06-05 09:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-5
[2011-06-04 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-4
[2011-06-03 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-3
[2011-06-02 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-2
[2011-06-01 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-1
[2011-05-31 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-31
[2011-05-30 19:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-30
[2011-05-29 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-29
[2011-05-28 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-28
[2011-05-27 05:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-27
[2011-05-26 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-26
[2011-05-25 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-25
[2011-05-24 17:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gstreamer-0.10
[2011-05-24 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-24
[2011-05-23 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
[2011-05-22 04:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-22
[2011-05-21 08:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
[2011-05-20 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-20
[2010-01-27 07:57:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Dane aplikacji\pcouffin.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-14 08:49:04 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2011-07-14 08:36:14 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\XMUODFNRDI.job
[2011-07-14 08:36:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-19 12:28:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-06-18 10:28:46 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-17 17:56:38 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-06-17 14:47:51 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2011-06-17 14:10:47 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2011-06-17 13:59:56 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2011-06-10 11:06:00 | 000,004,168 | ---- | M] () -- C:\Documents and Settings\Administrator\0.24985465222211756.exe
[2011-06-07 22:30:46 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2011-06-02 22:47:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-05-26 20:39:14 | 000,295,042 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-17 14:47:51 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2011-06-17 14:10:47 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2011-06-10 11:05:49 | 000,004,168 | ---- | C] () -- C:\Documents and Settings\Administrator\0.24985465222211756.exe
[2011-06-07 22:30:46 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2011-05-26 20:38:20 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011-05-20 20:42:53 | 000,111,616 | RHS- | C] () -- C:\9rfpp.exe
[2011-05-20 20:42:53 | 000,000,057 | RHS- | C] () -- C:\autorun.inf
[2011-04-16 14:09:00 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\inetmib1R.dll
[2010-11-30 19:46:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-10-14 10:35:04 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-10-09 13:15:17 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2010-10-09 13:15:16 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2010-10-09 13:15:16 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
[2010-10-09 13:15:16 | 000,000,902 | R--- | C] () -- C:\WINDOWS\System32\setup.ini
[2010-10-09 12:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010-08-20 00:01:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-05-06 23:12:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-27 21:06:43 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010-03-28 20:15:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-03-14 02:49:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010-01-27 07:57:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\ezpinst.exe
[2010-01-27 07:57:19 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\pcouffin.cat
[2010-01-27 07:57:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\pcouffin.inf
[2009-12-06 17:57:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-10-25 23:49:04 | 000,002,032 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009-10-24 19:51:27 | 000,104,448 | ---- | C] () -- C:\WINDOWS\setwall.exe
[2009-07-30 11:40:24 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-04 16:39:03 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-04 16:37:51 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-10-04 14:50:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-10-04 14:43:49 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-08-04 00:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-09-24 03:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002-09-18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002-02-06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002-01-21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001-10-26 18:15:16 | 000,355,486 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 18:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 18:15:16 | 000,049,492 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 18:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-17 23:30:24 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-17 23:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-17 23:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-17 23:30:22 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-17 23:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-22 00:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-22 00:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-22 00:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2010-06-09 21:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Acoustica
[2010-07-29 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Audacity
[2011-04-21 19:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Desktopicon
[2009-11-28 15:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\EssentialPIM
[2011-03-10 23:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\EurekaLog
[2010-11-01 12:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\eXPert PDF Editor
[2010-07-28 19:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FarmingSimulator2008
[2009-07-14 11:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla
[2009-08-15 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FinalBurner Video DVD
[2010-01-28 19:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
[2011-02-27 01:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10
[2009-07-12 14:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GHISLER
[2011-05-15 00:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0
[2010-05-08 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ipla
[2010-10-29 15:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\LG Electronics
[2010-06-17 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-25 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM
[2011-05-23 00:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2010-10-09 23:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PhotoFiltre
[2010-11-03 22:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Pionek
[2011-02-17 20:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\TS3Client
[2010-01-27 07:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Vso
[2011-04-21 20:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2010-07-08 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2009-07-23 13:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2011-07-10 00:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-07-14 08:36:14 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\XMUODFNRDI.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-05-09 20:35:16 | 000,111,616 | RHS- | M] () -- C:\9rfpp.exe
[2011-06-17 13:59:56 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2011-07-14 08:49:54 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-02-26 17:48:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-21 22:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-11-13 11:53:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-11-13 11:53:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-11-13 11:53:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 22:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2011-07-14 08:35:59 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011-06-17 18:59:41 | 000,003,478 | RHS- | M] () -- C:\pagefile.sys.vbs


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe

< End of report >
[/log]

wirusolog
komentarz
komentarz (edytowane)

[b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst:

[code]:OTL
O32 - AutoRun File - [2011-07-14 08:47:49 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-07-14 08:47:49 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - File not found
O20 - Winlogon\Notify\mdhcp32: DllName - mdhcp32.dll - File not found
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-839522115-1364589140-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs ()
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [PCPerf] File not found
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [0ESKOMO9JO] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [ALLUpdate] File not found
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [nod32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq.exe ()
O4 - HKU\S-1-5-21-839522115-1364589140-682003330-500..\Run: [Tok-Cirrhatus] File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
MOD - [2011-07-14 08:36:28 | 000,071,168 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq0.dll
[2011-06-17 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
[2011-06-16 14:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
[2011-06-15 14:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-15
[2011-06-06 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-6
[2011-06-05 09:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-5
[2011-06-04 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-4
[2011-06-03 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-3
[2011-06-02 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-2
[2011-06-01 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-1
[2011-05-31 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-31
[2011-05-30 19:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-30
[2011-05-29 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-29
[2011-05-28 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-28
[2011-05-27 05:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-27
[2011-05-26 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-26
[2011-05-25 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-25
[2011-05-24 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-24
[2011-05-23 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
[2011-05-22 04:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-22
[2011-05-21 08:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
[2011-05-20 21:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-20
[2011-06-17 14:47:51 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2011-06-17 14:10:47 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2011-05-26 20:38:20 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll

:Files
9rfpp.exe /alldrives
C:\WINDOWS\System32\inetmib1R.dll
C:\WINDOWS\cadkasdeinst01e.exe
C:\WINDOWS\setwall.exe
C:\WINDOWS\Tasks\XMUODFNRDI.job
C:\pagefile.sys.vbs
autorun.inf /alldrives

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

:Commands
[emptyflash]
[emptytemp][/code]
Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera.

[b]2.[/b] Podłącz wszystkie urządzenia przenośne ([b]pendrive / komórki / mp3 / dyski przenośne[/b]) i użyj [url=http://www.hotfix.pl/uzytkowanie-programu-usbfix-a310.htm][b][color=blue][u]USBFix[/url][/b][/color][/u] z opcji [b][color="#FFA500"]DELETION[/color][/b].
Pokaż raport z usuwania (wszystko opisane jest w poradniku)!

[b]3.[/b] Potem uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. [u]Pokazujesz nowe logi z OTL + raport z usuwania USBFixem + raport z usuwania OTLem[/u]

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.