wizard utworzono 27 czerwca 2011 utworzono 27 czerwca 2011 (edytowane) Witam, Mam problem, ponieważ dzisiaj avast wykrył mi nieznane pliki [i]ojj.exe[/i] i [i]Lvggr.exe[/i]. Pozbyłem się ich używając [i]ComboFix'a[/i], ale w procesach znacznie zwiększyła się ilość procesów [i]svchost.exe[/i]. Wrzucam logi i proszę o profilaktyczne sprawdzenie. [b]OTL :[/b] [log]OTL logfile created on: 2011-06-27 18:42:16 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Mariusz\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,68 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 58,50% Memory free 7,35 Gb Paging File | 5,63 Gb Available in Paging File | 76,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 150,24 Gb Total Space | 121,10 Gb Free Space | 80,60% Space Free | Partition Type: NTFS Drive D: | 270,28 Gb Total Space | 82,20 Gb Free Space | 30,41% Space Free | Partition Type: NTFS Drive G: | 45,25 Gb Total Space | 5,32 Gb Free Space | 11,75% Space Free | Partition Type: NTFS Computer Name: KOMP1 | User Name: Mariusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-27 18:40:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Mariusz\Desktop\OTL.exe PRC - [2011-06-14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2011-05-10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011-05-10 14:10:56 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe PRC - [2011-04-26 08:57:54 | 008,989,184 | ---- | M] (Creative Team S.A.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2011-02-11 01:15:02 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011-02-11 01:15:02 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011-02-11 01:15:02 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010-03-25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rundll32.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-27 18:40:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Mariusz\Desktop\OTL.exe MOD - [2011-05-10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010-12-18 07:31:23 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2010-10-27 06:40:22 | 001,293,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2010-06-29 07:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-12-11 09:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-12-11 09:36:33 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 03:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 03:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 03:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 03:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 03:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 03:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 03:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 03:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2011-05-10 14:10:56 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall) SRV:[b]64bit:[/b] - [2010-04-22 11:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV:[b]64bit:[/b] - [2010-04-21 08:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2010-02-05 21:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011-02-11 01:15:02 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011-01-17 01:09:00 | 004,077,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010-03-25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011-05-10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2011-02-16 13:15:55 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-02-11 01:37:20 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2011-02-11 01:34:43 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:[b]64bit:[/b] - [2010-09-07 17:24:46 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:[b]64bit:[/b] - [2010-04-21 10:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2010-04-21 07:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2010-04-21 07:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:[b]64bit:[/b] - [2010-04-21 07:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010-04-08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2010-02-26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009-11-06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-01-09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2005-01-04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2919787596-2985152792-2476323915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2919787596-2985152792-2476323915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-11 00:13:50 | 000,000,000 | ---D | M] [2011-06-24 22:29:22 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2011-06-27 13:21:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2919787596-2985152792-2476323915-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2011-06-14 18:17:45 | 000,000,000 | ---D | M] O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2919787596-2985152792-2476323915-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2919787596-2985152792-2476323915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-27 18:40:45 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Mariusz\Desktop\OTL.exe [2011-06-27 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011-06-27 18:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJack [2011-06-27 13:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-06-27 13:13:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-06-27 13:13:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-06-27 13:13:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-06-27 13:12:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-06-27 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Roaming\QuickScan [2011-06-24 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011-06-24 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Roaming\Adore Games [2011-06-24 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adore Games [2011-06-24 19:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adore Games [2011-06-21 20:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-06-15 15:31:57 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Local\ElevatedDiagnostics [2011-06-12 12:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\Documents\Prolog [2011-06-03 14:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony [2011-05-28 13:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2011-05-24 21:32:08 | 000,000,000 | RH-D | C] -- C:\Users\Mariusz\AppData\Roaming\SecuROM [2011-05-24 21:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011-05-24 21:30:24 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011-05-24 21:26:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011-05-24 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011-05-10 22:09:50 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011-05-10 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike [2011-05-09 18:49:08 | 004,077,936 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2011-05-09 18:48:46 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys [2011-05-09 18:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2011-05-09 18:41:30 | 000,053,616 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Kor.dll [2011-05-09 18:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN [2011-05-09 18:41:29 | 000,364,912 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarterCore.exe [2011-05-09 18:41:29 | 000,053,616 | ---- | C] (WEBZEN) -- C:\Windows\SysWow64\CMStarter_Eng.dll [2011-05-09 18:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu online [2011-05-08 12:03:12 | 000,000,000 | R--D | C] -- C:\Users\Mariusz\Documents\Scanned Documents [2011-05-08 12:03:12 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\Documents\Fax [2011-05-01 20:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR Player [2011-05-01 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMR Player [2011-05-01 19:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011-04-29 18:26:51 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Windows\SysNative\lame_enc.dll [2011-04-29 16:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Local\Screamer Radio [2011-04-29 16:17:35 | 000,000,000 | ---D | C] -- C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screamer Radio [2011-04-29 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-27 18:45:35 | 000,147,456 | ---- | M] () -- C:\Users\Mariusz\Desktop\catchme.exe [2011-06-27 18:44:00 | 000,302,592 | ---- | M] () -- C:\Users\Mariusz\Desktop\0fumnn0w.exe [2011-06-27 18:42:56 | 000,339,991 | ---- | M] () -- C:\Users\Mariusz\Desktop\RSIT.exe [2011-06-27 18:41:04 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000UA.job [2011-06-27 18:40:48 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Mariusz\Desktop\OTL.exe [2011-06-27 18:30:56 | 001,402,880 | ---- | M] () -- C:\Users\Mariusz\Desktop\HiJackThis.msi [2011-06-27 18:30:03 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-06-27 18:30:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-06-27 18:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-27 13:50:24 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2011-06-27 13:50:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011-06-27 13:48:39 | 000,015,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 13:48:39 | 000,015,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 13:40:58 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2011-06-27 13:21:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011-06-27 00:42:56 | 001,661,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-06-27 00:42:56 | 000,737,714 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-06-27 00:42:56 | 000,651,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-06-27 00:42:56 | 000,154,370 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-06-27 00:42:56 | 000,120,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-06-26 20:41:04 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000Core.job [2011-06-24 19:06:52 | 000,001,265 | ---- | M] () -- C:\Users\Mariusz\Desktop\Play Shooting Blocks.lnk [2011-06-17 14:40:11 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-05-28 13:17:37 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\CoD 4.lnk [2011-05-28 13:16:16 | 000,000,315 | ---- | M] () -- C:\Windows\game.ini [2011-05-24 21:30:24 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011-05-10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011-05-10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011-05-10 14:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011-05-10 14:04:52 | 000,127,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2011-05-10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011-05-10 14:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011-05-10 14:03:36 | 000,253,784 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2011-05-10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011-05-10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011-05-10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011-05-10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011-05-09 21:10:42 | 000,000,000 | ---- | M] () -- C:\Users\Mariusz\AppData\Local\{F20A690C-BF57-4C35-9686-16406BA629E0} [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-27 18:44:08 | 000,302,592 | ---- | C] () -- C:\Users\Mariusz\Desktop\0fumnn0w.exe [2011-06-27 18:42:57 | 000,339,991 | ---- | C] () -- C:\Users\Mariusz\Desktop\RSIT.exe [2011-06-27 18:31:17 | 001,402,880 | ---- | C] () -- C:\Users\Mariusz\Desktop\HiJackThis.msi [2011-06-27 13:13:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-06-27 13:13:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-06-27 13:13:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-06-27 13:13:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-06-27 13:13:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-06-24 19:06:52 | 000,001,265 | ---- | C] () -- C:\Users\Mariusz\Desktop\Play Shooting Blocks.lnk [2011-05-28 13:17:37 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\CoD 4.lnk [2011-05-28 13:16:16 | 000,000,315 | ---- | C] () -- C:\Windows\game.ini [2011-05-09 21:10:42 | 000,000,000 | ---- | C] () -- C:\Users\Mariusz\AppData\Local\{F20A690C-BF57-4C35-9686-16406BA629E0} [2011-05-09 18:48:46 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2011-04-29 16:04:26 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011-04-22 16:45:28 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\SDL_gfx.dll [2011-04-22 15:55:34 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll [2011-04-19 16:39:45 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011-04-19 16:39:45 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2011-03-19 21:20:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-03-01 12:49:41 | 001,623,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-02-11 01:06:42 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011-02-11 01:06:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-02-10 04:28:21 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011-02-10 04:28:21 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011-02-10 04:28:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011-02-10 04:28:20 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011-02-10 04:28:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011-02-10 04:28:15 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008-10-22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2002-08-09 16:00:00 | 000,375,296 | ---- | C] () -- C:\Windows\SysWow64\WSIHK32.DLL [2002-08-09 16:00:00 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\WSIWIN32.DLL [color=#E56717]========== LOP Check ==========[/color] [2011-06-24 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Adore Games [2011-02-16 13:18:28 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\DAEMON Tools Lite [2011-06-27 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\foobar2000 [2011-03-04 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\FreeCommander [2011-02-20 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Leadertech [2011-06-22 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Mipony [2011-04-04 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Mobipocket [2011-03-14 22:20:49 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Notepad++ [2011-06-27 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\QuickScan [2011-04-04 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\Research In Motion [2011-02-16 02:31:17 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\STV Software [2011-03-12 02:03:18 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\SWI-Prolog [2011-06-12 16:07:36 | 000,000,000 | ---D | M] -- C:\Users\Mariusz\AppData\Roaming\xpce [2011-06-17 20:26:31 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2011-02-11 00:36:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-06-27 13:26:07 | 000,016,012 | ---- | M] () -- C:\ComboFix.txt [2011-06-27 13:40:58 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2011-06-27 13:41:01 | 3949,658,112 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:07BB519E < End of report >[/log] [b]OTL - Extras: [/b] [log]OTL Extras logfile created on: 2011-06-27 18:42:16 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Mariusz\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,68 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 58,50% Memory free 7,35 Gb Paging File | 5,63 Gb Available in Paging File | 76,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 150,24 Gb Total Space | 121,10 Gb Free Space | 80,60% Space Free | Partition Type: NTFS Drive D: | 270,28 Gb Total Space | 82,20 Gb Free Space | 30,41% Space Free | Partition Type: NTFS Drive G: | 45,25 Gb Total Space | 5,32 Gb Free Space | 11,75% Space Free | Partition Type: NTFS Computer Name: KOMP1 | User Name: Mariusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 -- [2011-06-14 18:17:45 | 000,000,000 | ---D | M] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 -- [2011-06-14 18:17:45 | 000,000,000 | ---D | M] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 -- [2011-06-14 18:17:45 | 000,000,000 | ---D | M] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 -- [2011-06-14 18:17:45 | 000,000,000 | ---D | M] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{82E3FBCE-9BA2-44E3-9FF9-EFE9E8B70131}" = Oracle VM VirtualBox 4.0.4 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.4.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish "{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch "{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office "{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding "{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light "{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German "{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian "{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update "{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish "{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All "{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing "{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation "{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Internet Security "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1 "Budzik_is1" = Budzik 1.04 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "foobar2000" = foobar2000 v1.1.5 "Foxit Reader" = Foxit Reader "FreeCommander_is1" = FreeCommander 2009.02b "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LManager" = Launch Manager "MiPony" = MiPony 1.3.0 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "Notepad++" = Notepad++ "PDCurses-2.6_is1" = GnuWin32: PDCurses version 2.6 "RealAlt_is1" = Real Alternative 2.0.2 "Shooting Blocks_is1" = Shooting Blocks 2.6 "SWI-Prolog" = SWI-Prolog (remove only) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2919787596-2985152792-2476323915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CodeBlocks" = CodeBlocks "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-24 16:29:54 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\SoftonicDownloader_dla_real-checkers.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 2011-06-24 16:33:29 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\SoftonicDownloader_dla_real-checkers.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 2011-06-24 16:33:31 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\SoftonicDownloader_dla_real-checkers.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 2011-06-26 08:35:42 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-26 08:36:13 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\freecommander\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\freecommander\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-26 08:36:39 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-27 07:05:08 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\esetsmartinstaller_enu.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 2011-06-27 07:05:12 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\esetsmartinstaller_enu.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 2011-06-27 07:05:12 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\esetsmartinstaller_enu.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 2011-06-27 07:05:15 | Computer Name = KOMP1 | Source = SideBySide | ID = 16842832 Description = Nie można wygenerować kontekstu aktywacji dla „C:\Users\Mariusz\Desktop\esetsmartinstaller_enu.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Składnik 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. [ System Events ] Error - 2011-05-25 03:49:58 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-26 13:20:06 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-28 04:12:49 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-29 03:06:58 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-29 19:32:21 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-30 00:59:48 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-30 09:12:13 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-05-31 11:05:33 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-06-01 03:54:18 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview Error - 2011-06-01 05:49:36 | Computer Name = KOMP1 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sensorsview < End of report >[/log] [b]RSIT - 1: [/b] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Mariusz at 2011-06-27 18:54:53 Microsoft Windows 7 Professional System drive C: has 124 GB (81%) free of 154 GB Total RAM: 3767 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:54:56, on 2011-06-27 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mariusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mariusz\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Mariusz.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7245 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-05-10 819840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-07 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] IplexToALLPlayer - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL [2011-02-09 400384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-05-10 819840] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304] "LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-02-11 1289296] "avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2011-03-15 203776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-06-27 18:54:54 ----D---- C:\Program Files (x86)\trend micro 2011-06-27 18:54:53 ----D---- C:\rsit 2011-06-27 18:32:02 ----D---- C:\Program Files (x86)\HiJack 2011-06-27 13:27:15 ----SHD---- C:\$RECYCLE.BIN 2011-06-27 13:26:07 ----A---- C:\ComboFix.txt 2011-06-27 13:13:49 ----A---- C:\Windows\zip.exe 2011-06-27 13:13:49 ----A---- C:\Windows\SWSC.exe 2011-06-27 13:13:49 ----A---- C:\Windows\SWREG.exe 2011-06-27 13:13:49 ----A---- C:\Windows\sed.exe 2011-06-27 13:13:49 ----A---- C:\Windows\PEV.exe 2011-06-27 13:13:49 ----A---- C:\Windows\NIRCMD.exe 2011-06-27 13:13:49 ----A---- C:\Windows\MBR.exe 2011-06-27 13:13:49 ----A---- C:\Windows\grep.exe 2011-06-27 13:12:17 ----D---- C:\Windows\ERDNT 2011-06-27 13:03:56 ----D---- C:\Users\Mariusz\AppData\Roaming\QuickScan 2011-06-24 22:29:22 ----D---- C:\Program Files (x86)\Mozilla Firefox 2011-06-24 19:06:59 ----D---- C:\Users\Mariusz\AppData\Roaming\Adore Games 2011-06-24 19:06:41 ----D---- C:\Program Files (x86)\Adore Games 2011-06-17 13:05:08 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2011-06-17 13:05:06 ----A---- C:\Windows\SysWOW64\jscript9.dll 2011-06-17 13:05:06 ----A---- C:\Windows\SysWOW64\jscript.dll 2011-06-17 13:05:06 ----A---- C:\Windows\SysWOW64\ieui.dll 2011-06-17 13:05:06 ----A---- C:\Windows\SysWOW64\iertutil.dll 2011-06-17 13:05:05 ----A---- C:\Windows\SysWOW64\urlmon.dll 2011-06-17 13:05:04 ----A---- C:\Windows\SysWOW64\mshtml.dll 2011-06-17 13:05:00 ----A---- C:\Windows\SysWOW64\ieframe.dll 2011-06-17 13:03:10 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2011-06-17 13:02:22 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2011-05-28 13:16:16 ----A---- C:\Windows\game.ini ======List of files/folders modified in the last 1 months====== 2011-06-27 18:54:54 ----RD---- C:\Program Files (x86) 2011-06-27 18:32:02 ----SHD---- C:\Windows\Installer 2011-06-27 18:31:52 ----SHD---- C:\System Volume Information 2011-06-27 18:30:03 ----D---- C:\Windows\Temp 2011-06-27 18:18:32 ----D---- C:\Users\Mariusz\AppData\Roaming\foobar2000 2011-06-27 18:17:27 ----D---- C:\ProgramData\boost_interprocess 2011-06-27 13:38:03 ----D---- C:\Windows 2011-06-27 13:22:00 ----A---- C:\Windows\system.ini 2011-06-27 13:17:39 ----D---- C:\Windows\SysWOW64\drivers 2011-06-27 13:17:39 ----D---- C:\Windows\SysWOW64 2011-06-27 13:17:39 ----D---- C:\Windows\System32 2011-06-27 13:17:39 ----D---- C:\Windows\AppPatch 2011-06-27 13:17:35 ----D---- C:\Program Files (x86)\Common Files 2011-06-27 12:53:40 ----D---- C:\Windows\Prefetch 2011-06-27 12:53:09 ----D---- C:\ProgramData\Spybot - Search & Destroy 2011-06-27 00:42:56 ----D---- C:\Windows\inf 2011-06-26 22:33:11 ----D---- C:\Users\Mariusz\AppData\Roaming\Skype 2011-06-22 20:12:49 ----D---- C:\Users\Mariusz\AppData\Roaming\Mipony 2011-06-22 14:49:03 ----D---- C:\Windows\debug 2011-06-21 20:35:29 ----RD---- C:\Program Files (x86)\Skype 2011-06-21 20:35:24 ----D---- C:\ProgramData\Skype 2011-06-20 20:12:52 ----D---- C:\Windows\Microsoft.NET 2011-06-20 20:11:43 ----RSD---- C:\Windows\assembly 2011-06-20 18:50:07 ----D---- C:\ProgramData\Skype Extras 2011-06-20 18:40:07 ----D---- C:\Users\Mariusz\AppData\Roaming\skypePM 2011-06-20 18:24:50 ----D---- C:\Windows\winsxs 2011-06-17 14:39:55 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2011-06-17 13:12:15 ----D---- C:\Program Files (x86)\Internet Explorer 2011-06-13 21:41:29 ----AD---- C:\ProgramData\TEMP 2011-06-12 16:07:36 ----D---- C:\Users\Mariusz\AppData\Roaming\xpce 2011-06-11 19:31:43 ----SD---- C:\Users\Mariusz\AppData\Roaming\Microsoft 2011-06-05 15:39:12 ----RSD---- C:\Windows\Fonts 2011-06-01 10:05:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2011-05-30 09:00:07 ----D---- C:\Users\Mariusz\AppData\Roaming\codeblocks 2011-05-28 20:55:46 ----D---- C:\Program Files (x86)\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [] R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\SysWOW64\drivers\aswNdis2.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 aswFW;avast! TDI Firewall driver; C:\Windows\SysWOW64\drivers\aswFW.sys [] R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys [] R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys [] R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys [] R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [] R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [] R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys [] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [] R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [] S1 sensorsview;sensorsview; \??\C:\Program Files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys [] S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 dump_wmimmc;dump_wmimmc; \??\D:\Gry\Webzen\Mu\GameGuard\dump_wmimmc.sys [] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RimUsb;Smartfon BlackBerry; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184] R2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-05-10 121000] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-02-11 325200] R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-01-17 4077936] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF-----------------[/log] [b]RSIT - 2: [/b] [log]info.txt logfile of random's system information tool 1.08 2011-06-27 18:54:58 ======Uninstall list====== Acer ePower Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0015 -removeonly Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{5A22D889-FBDD-4AE8-86EC-089D45FC133E}\Setup.exe -runfromtemp -l0x0409 ALLPlayer V4.X-->"C:\Program Files (x86)\ALLPlayer\unins000.exe" AMR Player 1.3-->"C:\Program Files (x86)\AMR Player\unins000.exe" Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0015 -removeonly Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe" avast! Internet Security-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup BlackBerry Desktop Software 6.0.1-->MsiExec.exe /i{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E} BlackBerry Desktop Software 6.0.1-->MsiExec.exe /I{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E} Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51} Budzik 1.04-->"C:\Program Files (x86)\Budzik\unins000.exe" Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0415 Catalyst Control Center - Branding-->MsiExec.exe /I{4E242AB2-86A7-4231-82A9-1E4226D23CA8} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe foobar2000 v1.1.5-->"C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000 Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe FreeCommander 2009.02b-->"C:\Program Files (x86)\FreeCommander\unins000.exe" GnuWin32: PDCurses version 2.6-->"C:\Program Files (x86)\GnuWin32\uninstall\unins000.exe" Google Earth Plug-in-->MsiExec.exe /X{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301} High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF} Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3} Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1} Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D} MiPony 1.3.0-->C:\Program Files (x86)\MiPony\uninst.exe Mobipocket Reader 6.2-->MsiExec.exe /I{342126E1-173C-4585-BFBE-3EBDD20E3E9E} Mu-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\Setup.exe" -l0x9 UNINSTALL NapiProjekt 1.0.6.9-->"C:\Program Files (x86)\NAPI-PROJEKT\unins000.exe" Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED} Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604} Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7} Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE} Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB} Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345} Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00} Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38} Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A} Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8} Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC} Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97} Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98} Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7} Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E} Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272} Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD} Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF} Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807} Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7} Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023} Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5} Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702} Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27} Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E} Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE} Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230} Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe ODF Add-in for Microsoft Office-->MsiExec.exe /I{2BC21CD2-8053-406A-80F6-9AB61717B49D} Optical Drive Power Management-->"C:\Program Files (x86)\InstallShield Installation Information\{AE09C972-EEB2-4DA5-8090-0FCF54576854}\setup.exe" -runfromtemp -l0x0015 -removeonly Real Alternative 2.0.2-->"C:\Program Files (x86)\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP Shooting Blocks 2.6-->"C:\Program Files (x86)\Adore Games\Shooting Blocks\unins000.exe" Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED} Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" SWI-Prolog (remove only)-->"C:\Program Files\SWI\uninstall.exe" Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client WapSter AQQ-->C:\Program Files (x86)\WapSter\WapSter AQQ\uninstall.exe Webzen Game Starter-->"C:\Program Files (x86)\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe" -runfromtemp -l0x0009 -removeonly Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======System event log====== Computer Name: KOMP1 Event Code: 6006 Message: Zatrzymano usługę Dziennik zdarzeń. Record Number: 8368 Source Name: EventLog Time Written: 20110221170444.000000-000 Event Type: Informacje User: Computer Name: KOMP1 Event Code: 7036 Message: Usługa Instalator modułów systemu Windows weszła w stan uruchomienia. Record Number: 8367 Source Name: Service Control Manager Time Written: 20110221170443.823616-000 Event Type: Informacje User: Computer Name: KOMP1 Event Code: 7002 Message: Powiadomienie podczas wylogowywania się użytkownika dla Programu poprawy jakości obsługi klienta Record Number: 8366 Source Name: Microsoft-Windows-Winlogon Time Written: 20110221170442.762814-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: KOMP1 Event Code: 7036 Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia. Record Number: 8365 Source Name: Service Control Manager Time Written: 20110221170441.858013-000 Event Type: Informacje User: Computer Name: KOMP1 Event Code: 1074 Message: Proces C:\Windows\system32\winlogon.exe (KOMP1) zainicjował wyłączenie zasilania komputera KOMP1 w imieniu użytkownika KOMP1\Mariusz z następującej przyczyny: Nie można odnaleźć tytułu dla tej przyczyny Kod przyczyny: 0x500ff Typ zamknięcia systemu: wyłączenie zasilania Komentarz: Record Number: 8364 Source Name: USER32 Time Written: 20110221170442.000000-000 Event Type: Informacje User: KOMP1\Mariusz =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 1001 Message: Pakiet błędów , typ 0 Nazwa zdarzenia: PnPGenericDriverFound Odpowiedź: Niedostępny Identyfikator pliku Cab: 0 Sygnatura problemu: P1: x64 P2: PCI\VEN_8086&DEV_0046&SUBSYS_035D1025&REV_18 P3: P4: P5: P6: P7: P8: P9: P10: Dołączone pliki: Te pliki mogą być dostępne tutaj: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_c3a4c182955f55f85dda3a77085b4fc347886_cab_06ddf749 Symbol analizy: Ponowne sprawdzanie rozwiązania: 0 Identyfikator raportu: 8b98adf8-3566-11e0-9982-c547b13a0923 Stan raportu: 6 Record Number: 5 Source Name: Windows Error Reporting Time Written: 20110210223857.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20110210223753.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20110210223747.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20110210223743.103292-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20110210223743.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4735 Message: Zmieniono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Zmienione atrybuty: Nazwa konta SAM: - Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110210223719.656451-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4731 Message: Utworzono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Nowa grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Atrybuty: Nazwa konta SAM: Operatorzy kopii zapasowych Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110210223719.640851-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x37fa0 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110210223719.063650-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110210223716.630045-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110210223716.505245-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=4 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\Borland\Delphi7\Bin;C:\Program Files (x86)\Borland\Delphi7\Projects\Bpl;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Cygwin\bin "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=2505 "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "VBOX_INSTALL_PATH"=G:\VirtualBox\ "windir"=%SystemRoot% -----------------EOF-----------------[/log] [b]GMER: [/b] [log]GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-27 19:15:52 Windows 6.1.7600 Running: 0fumnn0w.exe ---- Services - GMER 1.0.15 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET CLR Networking 4.0.0.0 Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NET Memory Cache 4.0 Service .NETFramework Service system32\DRIVERS\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci Service system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI Service system32\DRIVERS\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi Service system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx Service system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci Service system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [MANUAL] adpu320 Service adsi Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AeLookupSvc Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service system32\DRIVERS\agp440.sys (Filtr AGP 440 NT/Microsoft Corporation) [MANUAL] agp440 Service C:\Windows\System32\alg.exe (Usługa bramy warstwy aplikacji/Microsoft Corporation) [MANUAL] ALG Service system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide Service C:\Windows\system32\atiesrxx.exe (AMD External Events Service Module/AMD) [AUTO] AMD External Events Utility Service system32\DRIVERS\amdide.sys (Sterownik AMD IDE/Microsoft Corporation) [MANUAL] amdide Service system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8 Service system32\DRIVERS\atipmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) [MANUAL] amdkmdag Service system32\DRIVERS\atikmpag.sys (AMD multi-vendor Miniport Driver/Advanced Micro Devices, Inc.) [MANUAL] amdkmdap Service system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM Service system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata Service system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [MANUAL] amdsbs Service system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata Service system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AppIDSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Appinfo Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AppMgmt Service system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc Service system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas Service ASP.NET Service ASP.NET_4.0.30319 Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state Service (avast! File System Access Blocking Driver/AVAST Software) [AUTO] aswFsBlk Service (avast! Filtering TDI driver/AVAST Software) [SYSTEM] aswFW Service C:\Windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista/AVAST Software) [AUTO] aswMonFlt Service system32\DRIVERS\aswNdis.sys (avast! Filtering NDIS driver/ALWIL Software) [BOOT] aswNdis Service (avast! Filtering NDIS driver/AVAST Software) [BOOT] aswNdis2 Service (avast! TDI RDR Driver/AVAST Software) [SYSTEM] aswRdr Service (avast! Virtualization Driver/AVAST Software) [SYSTEM] aswSnx Service (avast! self protection module/AVAST Software) [SYSTEM] aswSP Service (avast! TDI Filter Driver/AVAST Software) [SYSTEM] aswTdi Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service system32\DRIVERS\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi Service system32\DRIVERS\athrx.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] athr Service Atierecord Service system32\drivers\AtiHdmi.sys (ATI High Definition Audio Function Driver/ATI Technologies, Inc.) [MANUAL] AtiHdmiService Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] AudioEndpointBuilder Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] AudioSrv Service C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software) [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast5\afwServ.exe (avast! firewall service/AVAST Software) [AUTO] avast! Firewall Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AxInstSV Service system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a Service (Battery Class Driver/Microsoft Corporation) BattC Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] BDESVC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] BFE Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] BITS Service system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser Service system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo Service system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Browser Service System32\Drivers\Brserid.sys (Sterownik szeregowy I/F (WDM) firmy Brother/Brother Industries Ltd.) [MANUAL] Brserid Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer Service system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM Service BTHPORT Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] bthserv Service C:\ComboFix\catchme.sys [MANUAL] catchme Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] CertPropSvc Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32 Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64 Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32 Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64 Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt Service system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide Service System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt Service system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk Service crypt32 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] CryptSvc Service system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [SYSTEM] CSC Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] CscService Service DCLocator Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] DcomLaunch Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] defragsvc Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dhcp Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache Service system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dnscache Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] dot3svc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] DPS Service system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud Service C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek WMI Service/Dritek System Inc.) [AUTO] DsiWMIService Service system32\DRIVERS\dtsoftbus01.sys (DAEMON Tools Virtual Bus Driver/DT Soft Ltd) [SYSTEM] dtsoftbus01 Service D:\Gry\Webzen\Mu\GameGuard\dump_wmimmc.sys [MANUAL] dump_wmimmc Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] EapHost Service system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS Service C:\Windows\ehome\ehRecvr.exe (Usługa Odbiornik Windows Media Center/Microsoft Corporation) [MANUAL] ehRecvr Service C:\Windows\ehome\ehsched.exe (Usługa harmonogramu programu Windows Media Center/Microsoft Corporation) [MANUAL] ehSched Service system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor Service C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ePowerSvc/Acer Incorporated) [AUTO] ePowerSvc Service system32\DRIVERS\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev Service ESENT Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] eventlog Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] EventSystem Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] fdPHost Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] FDResPub Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk Service system32\drivers\fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) [BOOT] FltMgr Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] FontCache Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0 Service System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec Service System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol Service system32\DRIVERS\gagp30kx.sys (Filtr uniwersalny AGPv3.0 firmy Microsoft dla platform procesora K8/9/Microsoft Corporation) [MANUAL] gagp30kx Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] gpsvc Service C:\Program [AUTO] gupdate Service C:\Program [MANUAL] gupdatem Service system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus Service system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt Service system32\DRIVERS\hidbth.sys (Sterownik Bluetooth Miniport dla urządzeń HID/Microsoft Corporation) [MANUAL] HidBth Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hidserv Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hkmsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupListener Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupProvider Service system32\DRIVERS\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD Service system32\drivers\HTTP.sys (Stos protokołu HTTP/Microsoft Corporation) [MANUAL] HTTP Service System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy Service system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [MANUAL] i8042prt Service ialm Service system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [MANUAL] iaStorV Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc Service system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx Service system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] IKEEXT Service system32\DRIVERS\Impcd.sys (Intel(R) Turbo Boost Technology Driver/Intel Corporation) [MANUAL] Impcd Service inetaccs Service system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService Service system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [MANUAL] intelide Service system32\DRIVERS\igdpmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] intelkmd Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] IPBusEnum Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] iphlpsvc Service system32\DRIVERS\IPMIDrv.sys (STEROWNIK URZĄDZENIA INTERFEJSU IPMI W USŁUDZE WMI/Microsoft Corporation) [MANUAL] IPMIDRV Service System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [MANUAL] isapnp Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt Service system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [MANUAL] kbdclass Service system32\DRIVERS\kbdhid.sys (Sterownik filtru klawiatury HID/Microsoft Corporation) [MANUAL] kbdhid Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] KtmRm Service system32\DRIVERS\L1C62x64.sys (Atheros L1c PCI-E Gigabit Ethernet Controller/Atheros Communications, Inc.) [MANUAL] L1C Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanServer Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanWorkstation Service ldap Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] lltdsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] lmhosts Service Lsa Service system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC Service system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS Service system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2 Service system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI Service system32\drivers\luafv.sys (Sterownik filtru wirtualizacji plików LUA/Microsoft Corporation) [AUTO] luafv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] Mcx2Svc Service system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation) [MANUAL] megasas Service system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MMCSS Service system32\drivers\modem.sys (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor Service system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [MANUAL] mouclass Service system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid Service System32\drivers\mountmgr.sys (Menedżer punktów instalacji/Microsoft Corporation) [BOOT] mountmgr Service system32\DRIVERS\mpio.sys (Sterownik magistrali obsługujący wiele ścieżek/Microsoft Corporation) [MANUAL] mpio Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MpsSvc Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10 Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20 Service system32\DRIVERS\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci Service system32\DRIVERS\msdsm.sys (Moduł specyficzny dla urządzeń firmy Microsoft/Microsoft Corporation) [MANUAL] msdsm Service C:\Windows\System32\msdtc.exe (Usługa Koordynator transakcji rozproszonych firmy Microsoft/Microsoft Corporation) [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service MSDTC Bridge 4.0.0.0 Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf Service system32\DRIVERS\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] MSiSCSI Service C:\Windows\system32\msiexec.exe (Instalator systemu Windows®/Microsoft Corporation) [MANUAL] msiserver Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC Service MSSCNTRS Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service system32\DRIVERS\MTConfig.sys (Sterownik urządzenia Microsoft Multi-Touch HID/Microsoft Corporation) [MANUAL] MTConfig Service System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] napagent Service system32\DRIVERS\nwifi.sys (Sterownik NativeWiFi Miniport/Microsoft Corporation) [MANUAL] NativeWifiP Service C:\Program Files (x86)\Nero\Update\NASvc.exe (NeroUpdate/Nero AG) [AUTO] NAUpdate Service system32\drivers\ndis.sys (Sterownik NDIS 6.20/Microsoft Corporation) [BOOT] NDIS Service system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service system32\DRIVERS\ndisuio.sys (Sterownik NDIS I/O trybu użytkownika/Microsoft Corporation) [MANUAL] Ndisuio Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Netman Service c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetMsmqActivator Service c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetPipeActivator Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] netprofm Service c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpActivator Service c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing Service system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] NlaSvc Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service C:\Windows\system32\GameMon.des [MANUAL] npggsvc Service C:\??\C:\Windows\system32\npptNT2.sys [MANUAL] NPPTNT2 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] nsi Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy Service NTDS Service (Sterownik systemu plików NT/Microsoft Corporation) [MANUAL] Ntfs Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [MANUAL] nvraid Service system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor Service system32\DRIVERS\nv_agp.sys (Filtr magistrali AGP NForce NT/Microsoft Corporation) [MANUAL] nv_agp Service C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe (ODDPwr service/Acer Incorporated) [AUTO] ODDPwrSvc Service C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv Service system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394 Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service Outlook Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2pimsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2psvc Service system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] PcaSvc Service system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] pci Service system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [MANUAL] pciide Service system32\DRIVERS\pcmcia.sys (Sterownik magistrali PCMCIA/Microsoft Corporation) [MANUAL] pcmcia Service System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PeerDistSvc Service PerfDisk Service C:\Windows\SysWow64\perfhost.exe (Host liczników wydajności (x86)/Microsoft Corporation) [MANUAL] PerfHost Service PerfNet Service PerfOS Service PerfProc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] pla Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] PlugPlay Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPAutoReg Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PolicyAgent Service PortProxy Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Power Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ProfSvc Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage Service system32\DRIVERS\pacer.sys (Harmonogram pakietów QoS/Microsoft Corporation) [SYSTEM] Psched Service system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300 Service system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] QWAVE Service system32\drivers\qwavedrv.sys (Sterownik obsługi usługi Quality Windows Audio/Video Experience (qWave)/Microsoft Corporation) [MANUAL] QWAVEdrv Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd Service system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasAuto Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasMan Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp Service system32\DRIVERS\rdbss.sys (Sterownik podsystemu buforowania przekierowanego dysku/Microsoft Corporation) [SYSTEM] rdbss Service system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service System32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] RDPDR Service system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD Service RDPNP Service system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD Service System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RemoteRegistry Service System32\Drivers\RimUsb_AMD64.sys [MANUAL] RimUsb Service system32\DRIVERS\RimSerial_AMD64.sys (RIM Virtual Serial Driver/Research in Motion Ltd) [MANUAL] RimVSerPort Service System32\Drivers\RootMdm.sys (Legacy Non-Pnp Modem Device Driver/Microsoft Corporation) [MANUAL] ROOTMODEM Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcEptMapper Service C:\Windows\system32\locator.exe (Lokalizator RPC/Microsoft Corporation) [MANUAL] RpcLocator Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcSs Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr Service system32\DRIVERS\vms3cap.sys (Microsoft S3 Emulated Device Cap Driver/Microsoft Corporation) [MANUAL] s3cap Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs Service system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port Service SBSDWSCService Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SCardSvr Service System32\DRIVERS\scfilter.sys (Sterownik filtru czytnika karty inteligentnej Microsoft/Microsoft Corporation) [MANUAL] scfilter Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Schedule Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SCPolicySvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SDRSVC Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] seclogon Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SENS Service C:\Program Files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys [SYSTEM] sensorsview Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SensrSvc Service system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum Service system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [MANUAL] Serial Service system32\DRIVERS\sermouse.sys (Sterownik filtru myszy szeregowej/Microsoft Corporation) [MANUAL] sermouse Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SessionEnv Service system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk Service system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc Service system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd Service system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SharedAccess Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ShellHWDetection Service system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2 Service system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4 Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb Service SMSvcHost 3.0.0.0 Service SMSvcHost 4.0.0.0 Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP Service (loader for security processor/Microsoft Corporation) [BOOT] spldr Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\Windows\system32\sppsvc.exe (Usługa platformy ochrony oprogramowania firmy Microsoft/Microsoft Corporation) [AUTO] sppsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] sppuinotify Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2 Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SstpSvc Service system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] stisvc Service system32\DRIVERS\vmstorfl.sys (Virtual Storage Filter Driver/Microsoft Corporation) [BOOT] storflt Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] StorSvc Service system32\DRIVERS\storvsc.sys (Storage VSC Driver/Microsoft Corporation) [MANUAL] storvsc Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] swprv Service system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SysMain Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TabletInputService Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TapiSrv Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TBS Service System32\drivers\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [BOOT] Tcpip Service system32\DRIVERS\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [MANUAL] TCPIP6 Service TCPIP6TUNNEL Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg Service TCPIPTUNNEL Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx Service system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TermService Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Themes Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] THREADORDER Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] TrkWks Service C:\Windows\servicing\TrustedInstaller.exe (Instalator modułów systemu Windows/Microsoft Corporation) [MANUAL] TrustedInstaller Service TSDDD Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv Service system32\DRIVERS\tunnel.sys (Sterownik interfejsu tunelu firmy Microsoft/Microsoft Corporation) [MANUAL] tunnel Service system32\DRIVERS\uagp35.sys (Filtr AGPv3.5 firmy Microsoft/Microsoft Corporation) [MANUAL] uagp35 Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs Service UGatherer Service UGTHRSVC Service C:\Windows\system32\UI0Detect.exe (Wykrywanie usług interakcyjnych/Microsoft Corporation) [MANUAL] UI0Detect Service system32\DRIVERS\uliagpkx.sys (Filtr ULi AGPv3.0 dla platform procesora K8/9/Microsoft Corporation) [MANUAL] uliagpkx Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus Service system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] UmRdpService Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] upnphost Service system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp Service system32\DRIVERS\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir Service system32\drivers\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci Service system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service system32\drivers\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci Service System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] UxSms Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc Service system32\DRIVERS\VBoxDrv.sys (VirtualBox Support Driver/Oracle Corporation) [SYSTEM] VBoxDrv Service system32\DRIVERS\VBoxNetAdp.sys (VirtualBox Host-Only Network Adapter Driver/Oracle Corporation) [MANUAL] VBoxNetAdp Service system32\DRIVERS\VBoxNetFlt.sys (VirtualBox Bridged Networking Driver/Oracle Corporation) [MANUAL] VBoxNetFlt Service system32\DRIVERS\VBoxUSBMon.sys (VirtualBox USB Monitor Driver/Oracle Corporation) [SYSTEM] VBoxUSBMon Service system32\DRIVERS\vdrvroot.sys (Główny moduł wyliczający dysku wirtualnego/Microsoft Corporation) [BOOT] vdrvroot Service C:\Windows\System32\vds.exe (Usługa dysków wirtualnych/Microsoft Corporation) [MANUAL] vds Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service system32\DRIVERS\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp Service system32\DRIVERS\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide Service system32\DRIVERS\vmbus.sys (Virtual Machine Bus/Microsoft Corporation) [MANUAL] vmbus Service system32\DRIVERS\VMBusHID.sys (Microsoft VMBus HID Miniport/Microsoft Corporation) [MANUAL] VMBusHID Service system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr Service System32\drivers\volmgrx.sys (Sterownik rozszerzenia menedżera woluminów/Microsoft Corporation) [BOOT] volmgrx Service system32\DRIVERS\volsnap.sys (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] volsnap Service system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid Service C:\Windows\system32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS Service system32\DRIVERS\vwifibus.sys (Sterownik wirtualnej magistrali WiFi/Microsoft Corporation) [MANUAL] vwifibus Service system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] W32Time Service W3SVC Service system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6 Service C:\Windows\system32\Wat\WatAdminSvc.exe (Windows Activation Technologies Service/Microsoft Corporation) [MANUAL] WatAdminSvc Service C:\Windows\system32\wbengine.exe (Plik EXE usługi Aparat kopii zapasowej na poziomie bloku firmy Microsoft®/Microsoft Corporation) [MANUAL] wbengine Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WbioSrvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wcncsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WcsPlugInService Service system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [BOOT] Wd Service system32\drivers\Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) [BOOT] Wdf01000 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiServiceHost Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiSystemHost Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WebClient Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Wecsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wercplsupport Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WerSvc Service system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinDefend Service Windows Workflow Foundation 3.0.0.0 Service Windows Workflow Foundation 4.0.0.0 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Winmgmt Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinRM Service [MANUAL] Winsock Service WinSock2 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Wlansvc Service system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi Service WmiApRpl Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WPCSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WPDBusEnum Service system32\drivers\ws2ifsl.sys (Warstwa Winsock2 IFS/Microsoft Corporation) [DISABLED] ws2ifsl Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wscsvc Service C:\Windows\system32\SearchIndexer.exe (Indeksator programu Microsoft Windows Search/Microsoft Corporation) [AUTO] WSearch Service WSearchIdxPi Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wuauserv Service system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wudfsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WwanSvc Service xmlprov Service {B38BE224-C4C9-4551-8F91-EE87A5913828} Service {CB27738D-7BC0-4E90-A8D7-BEC8C16C9AAF} Service {DD55CE7D-0712-418F-8D35-7002568FFD7F} ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6889218E-F571-59A1-98D1-A1BF372FD2B9} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6889218E-F571-59A1-98D1-A1BF372FD2B9}@haohleifffimhbpg 0x6A 0x61 0x62 0x6A ... ---- EOF - GMER 1.0.15 ----[/log] Niestety program [i]catchme.exe[/i] nie działa u mnie i nie mogę wrzucić log'a z niego.
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 W logach nie ma żadnej infekcji. Jeżeli już użyłeś ComboFixa to może pokazałbyś z niego log?
wizard komentarz 28 czerwca 2011 Autor komentarz 28 czerwca 2011 Oto i on [b]ComboFix: [/b] [log]ComboFix 11-06-26.02 - Mariusz 2011-06-27 13:15:00.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.3767.2254 [GMT 2:00] Uruchomiony z: c:\users\Mariusz\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mariusz\AppData\Roaming\Lvgggr.exe c:\users\Mariusz\secupdat.dat . . ((((((((((((((((((((((((( Pliki utworzone od 2011-05-27 do 2011-06-27 ))))))))))))))))))))))))))))))) . . 2011-06-27 11:20 . 2011-06-27 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-27 11:03 . 2011-06-27 11:04 -------- d-----w- c:\users\Mariusz\AppData\Roaming\QuickScan 2011-06-27 08:53 . 2011-06-27 08:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-24 17:06 . 2011-06-24 17:06 -------- d-----w- c:\users\Mariusz\AppData\Roaming\Adore Games 2011-06-24 17:06 . 2011-06-24 17:06 -------- d-----w- c:\program files (x86)\Adore Games 2011-06-17 11:03 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-17 11:03 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-17 11:03 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-17 11:03 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-17 11:03 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-17 11:03 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-17 11:03 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys 2011-06-17 11:03 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-17 11:03 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-17 11:03 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-17 11:03 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-17 11:03 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-17 11:02 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-17 11:02 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-06-15 13:31 . 2011-06-15 13:31 -------- d-----w- c:\users\Mariusz\AppData\Local\ElevatedDiagnostics 2011-06-01 18:42 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 20:39 . 2011-05-24 20:39 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2011-05-24 20:39 . 2011-05-24 20:39 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2011-05-24 19:30 . 2011-05-24 19:30 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2011-05-10 12:10 . 2011-02-15 23:23 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-02-15 23:23 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-05-10 12:10 . 2011-02-15 23:30 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:04 . 2011-02-15 23:24 127832 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-05-10 12:04 . 2011-02-15 23:24 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:04 . 2011-02-15 23:24 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:03 . 2011-02-15 23:24 253784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-05-10 12:02 . 2011-02-15 23:24 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2011-02-15 23:24 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-02-15 23:24 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2011-02-15 23:24 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-22 14:43 . 2011-04-22 14:45 77824 ----a-w- c:\windows\SysWow64\SDL_gfx.dll 2011-04-22 14:43 . 2011-04-22 14:45 77824 ----a-w- c:\windows\system32\SDL_gfx.dll 2011-04-09 06:58 . 2011-05-11 15:00 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-04-09 06:45 . 2011-05-11 07:56 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 07:56 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 07:56 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-11 15:00 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-10 1289296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 sensorsview;sensorsview;c:\program files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176] R3 dump_wmimmc;dump_wmimmc;d:\gry\Webzen\Mu\GameGuard\dump_wmimmc.sys [x] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-05-10 121000] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-10 325200] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] . . Zawartość folderu 'Zaplanowane zadania' . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 11:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 11:41] . 2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000Core.job - c:\users\Mariusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 11:41] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919787596-2985152792-2476323915-1000UA.job - c:\users\Mariusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 11:41] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-10 10081312] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-10 877600] "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-02-10 320000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Skan uzupełniający ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - USUNIĘTO PUSTE WPISY - - - - . Wow6432Node-HKCU-Run-Lvgggr - c:\users\Mariusz\AppData\Roaming\Lvgggr.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-2919787596-2985152792-2476323915-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6889218E-F571-59A1-98D1-A1BF372FD2B9}*] "haohleifffimhbpg"=hex:6a,61,62,6a,6b,6b,6a,6e,61,61,66,64,6c,62,6d,6e,65,6f, 70,64,00,fe . [HKEY_USERS\S-1-5-21-2919787596-2985152792-2476323915-1000\Software\SecuROM\License information*] "datasecu"=hex:06,b4,5d,51,4e,b1,3d,ab,3f,53,88,cf,f3,5a,66,a7,2c,1c,32,6d,b2, 82,17,0d,47,f8,0d,c8,ad,58,67,e0,7c,61,f9,e5,9f,84,b1,e8,6f,1d,62,e0,71,fa,\ "rkeysecu"=hex:bf,1b,5e,00,8a,8c,d5,7a,ba,5e,78,8d,d7,4b,25,68 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe . ************************************************************************** . Czas ukończenia: 2011-06-27 13:26:06 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-06-27 11:26 . Przed: 127 307 472 896 bajtów wolnych Po: 127 185 326 080 bajtów wolnych . - - End Of File - - 6FAB7CECB8B991B2F78311F85CCFC04A[/log] Log z momentu kasowania tych plików.
wizard komentarz 29 czerwca 2011 Autor komentarz 29 czerwca 2011 ok dzięki, jak coś się pogorszy to napiszę
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.