Bando utworzono 14 lipca 2011 utworzono 14 lipca 2011 (edytowane) Witam Mam ArcaVira już kilka miesięcy i nie było z nim problemów, dopóki nie musiałem ściagnąć programu anti-cheaterskiego. Cały czas wykrywał błędy , więc postanowiłem że zmienie ArcaVira na starego dobrego Avasta. Próbowałem odinstalować ArcaVira przez "dodaj lub usuń programy" i teoretycznie zniknął stamtąd jednak nadal się uruchamiał. Dlatego usunąłem go tak, jak podaje na stronie ArcaVira czyli start>wszystkie proragmy>Arcavir>odinstaluj i też PRAWIE się usunął jednak na samym końcu wyskoczył błąd. Teraz nigdzie nie widać , że ten prorgam jest zainstalowany, a mimo to uruchamia się wraz z windowsem (potem w programie Revo Uninstaler zaznaczyłem żeby wgl się nie uruchamiał ze startem systemu). Nie mogę usunąć folderu z plikami ArcaVir a dodatkowo co jakiś czas wyskakuje błąd (np. przy instalacjach) że ArcaVir jeszcze jest. Dodam też logi z hijackthis żebyście wiedzieli naczym stoję. [log]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:47:15, on 2011-07-14 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\WINDOWS\system32\ctfmon.exe C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe C:\APLIKACJE\Diskeeper\DkService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\APLIKACJE\Mozilla\firefox.exe C:\APLIKACJE\Mozilla\plugin-container.exe C:\WINDOWS\system32\msiexec.exe C:\APLIKACJE\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.ask.com/?l=dis&o=14672"]http://www.ask.com/?l=dis&o=14672[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.yahoo.com"]http://www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com"]http://www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - (no file) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcaBit Config Service (ABConfSV) - ArcaBit - C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe O23 - Service: ArcaBit Main Service (ABMainSV) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe O23 - Service: ArcaBit Backup Service (AVBackup) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\APLIKACJE\Diskeeper\DkService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 6902 bytes[/log] I log z OTL: (tak jak jest w regulaminie, pierwszy log dałem w innym temacie) [log] OTL logfile created on: 2011-07-14 10:31:59 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 77,02% Memory free 5,34 Gb Paging File | 4,51 Gb Available in Paging File | 84,51% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 69,86 Gb Free Space | 69,86% Space Free | Partition Type: NTFS Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe PRC - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe PRC - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe PRC - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe PRC - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe PRC - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe PRC - [2010-11-17 21:29:28 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2010-10-24 13:32:18 | 000,561,152 | ---- | M] () -- C:\APLIKACJE\VT\Ventrilo.exe PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService) SRV - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe -- (ABConfSV) SRV - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe -- (AVTasks2) SRV - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe -- (ABMainSV) SRV - [2011-05-28 22:09:11 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup) SRV - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe -- (AVUpdate) SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-05-28 22:09:13 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys -- (ABFLT) DRV - [2011-04-14 12:43:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-10-26 13:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys -- (ABTDI) DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt) DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14672 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14672" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU&o=14670&locale=en_US&apn_uid=d4124f3f-c3c6-4f69-a694-c67613d3d572&apn_ptnrs=T8&apn_sauid=A1F95A44-C8D0-4EB5-A2A6-7B48A1F330D2&apn_dtid=YYYYYYYYPL&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M] [2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions [2011-03-12 13:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions [2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-06 19:13:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\toolbar@ask.com [2011-07-14 08:14:49 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\searchplugins\askcom.xml File not found (No name found) -- [2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011-05-22 22:06:58 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL [2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [H/PC Connection Agent] File not found O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-14 08:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\HiJackThis [2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller [2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10 [2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher [2011-06-11 03:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR [2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys [2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys [2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks [2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx [2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared [2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt [2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution [2011-05-22 22:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir [2011-05-22 22:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit [2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-14 10:23:23 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync [2011-07-14 10:11:57 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-07-14 10:11:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-07-14 10:11:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-07-14 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011-07-14 08:47:00 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\HiJackThis.lnk [2011-07-14 08:41:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT [2011-07-14 08:41:20 | 018,172,482 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-07-14 08:33:08 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini [2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:29:28 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\HijackThis.msi [2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk [2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 22:23:54 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-14 09:43:52 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync [2011-07-14 08:46:56 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\HiJackThis.lnk [2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:29:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\HijackThis.msi [2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-11 03:15:50 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk [2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk [2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat [2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI [2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys [2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini [2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc [2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc [2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-04-27 21:23:11 | 018,172,482 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll [2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica [2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft [2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics [2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon [2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit [2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl [2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik [2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai [2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent [2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2011-05-28 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit [2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation [2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2011-07-14 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks [2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10 [2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica [2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP [2010-11-14 03:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Baidu [2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb [2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva [2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo [2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares [2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10 [2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER [2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software [2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit [2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea [2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl [2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM [2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive [2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik [2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency [2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai [2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent [2011-07-14 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011-07-14 10:23:23 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-07-14 10:11:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Chcę się pozbyć ArcaVir w 100% i raz na zawsze, i zależy mi też na czasie, bo muszę ogarnąć jeszcze program anti-cheaterski zanim dzisiaj już będę grał. [color="#FF0000"]//wstawiam w log i przenoszę do Bezpieczeństwa //dan[/color]
wirusolog komentarz 14 lipca 2011 komentarz 14 lipca 2011 (edytowane) [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found O4 - HKLM..\Run: [] File not found O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found DRV - [2010-10-26 13:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys -- (ABTDI) DRV - [2011-05-28 22:09:13 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys -- (ABFLT) SRV - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService) SRV - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe -- (ABConfSV) SRV - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe -- (AVTasks2) SRV - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe -- (ABMainSV) SRV - [2011-05-28 22:09:11 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup) SRV - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe -- (AVUpdate) [2011-05-22 22:06:58 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL :Files C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit C:\APLIKACJE\arcaVir :Commands [emptyflash] [emptytemp][/code] Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. [b]2.[/b] W panelu sterowania (dodaj lub usuń programy) odinstaluj całkowicie tego śmietka: [b]Ask Toolbar / Ask.com[/b] [b]3.[/b] Ściągnij [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/url][/b][/color][/u] i wciśnij w nim [size="3"][b]Clean[/b][/size] Pokaż raport z tego narzędzia. [b]4.[/b] Ściągnij -> [url=http://images.malwareremoval.com/jpshortstuff/SystemLook.exe][b][color=blue][u]SystemLook.exe[/url][/b][/color][/u] Uruchom i w dolne białe okienko wklej to: [quote] :filefind arcaVir ArcaBit :regfind arcaVir ArcaBit[/quote] Naciśnij [b]Look[/b] i czekaj aż pojawi się raport. Pokaż Nam go. [b]4.[/b] Po tych czynnościach uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. [u]Pokazujesz nowe logi z OTL + raport z usuwania Ad-Removerem + raport z usuwania OTLem + raport z SystemLook.[/u]
Bando komentarz 14 lipca 2011 Autor komentarz 14 lipca 2011 To tak: Wszystkie punkty wykonałem, ale nie wszystko poszło właściwie. [b]1. Raport z usuwania OTL (tu wszystko było okej)[/b] [log] All processes killed ========== OTL ========== Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} C:\Program Files\WebEx\ieatgpc.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ deleted successfully. C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ not found. File C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll not found. Registry key HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully. Error: Unable to stop service ABTDI! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ABTDI deleted successfully. C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys moved successfully. Service ABFLT stopped successfully! Service ABFLT deleted successfully! C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys moved successfully. Service ArcaRemoteService stopped successfully! Service ArcaRemoteService deleted successfully! C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe moved successfully. Service ABConfSV stopped successfully! Service ABConfSV deleted successfully! C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe moved successfully. Service AVTasks2 stopped successfully! Service AVTasks2 deleted successfully! C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe moved successfully. Service ABMainSV stopped successfully! Service ABMainSV deleted successfully! C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe moved successfully. Service AVBackup stopped successfully! Service AVBackup deleted successfully! C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe moved successfully. Service AVUpdate stopped successfully! Service AVUpdate deleted successfully! C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe moved successfully. C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\components folder moved successfully. C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome\skin folder moved successfully. C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome\content folder moved successfully. C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome folder moved successfully. C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL folder moved successfully. ========== FILES ========== C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\MassMailing folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\HTTPServ folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110714 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110706 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110604 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110529 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110528 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110525 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110524 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110523 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110522 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Configuration\Global folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Configuration folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\AVQuarantine folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate\Tmp\Downloaded folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate\Tmp folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\opera folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ie folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ff\components folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions\ff folder moved successfully. C:\APLIKACJE\arcaVir\WebExtensions folder moved successfully. C:\APLIKACJE\arcaVir\Logs\Debug folder moved successfully. C:\APLIKACJE\arcaVir\Logs folder moved successfully. C:\APLIKACJE\arcaVir\Graph\freeedition\buttons folder moved successfully. C:\APLIKACJE\arcaVir\Graph\freeedition folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\types folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\pl\main folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\pl folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\en\main folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\en\cfg folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\en folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\elements folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\dialogs folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011\buttons folder moved successfully. C:\APLIKACJE\arcaVir\Graph\2011 folder moved successfully. C:\APLIKACJE\arcaVir\Graph folder moved successfully. C:\APLIKACJE\arcaVir\Configuration\Default folder moved successfully. C:\APLIKACJE\arcaVir\Configuration folder moved successfully. C:\APLIKACJE\arcaVir\Common folder moved successfully. C:\APLIKACJE\arcaVir\ArcaVir\lang folder moved successfully. C:\APLIKACJE\arcaVir\ArcaVir\Engine folder moved successfully. C:\APLIKACJE\arcaVir\ArcaVir\Bases\main folder moved successfully. C:\APLIKACJE\arcaVir\ArcaVir\Bases folder moved successfully. C:\APLIKACJE\arcaVir\ArcaVir folder moved successfully. C:\APLIKACJE\arcaVir\ArcaUpdate\exec folder moved successfully. C:\APLIKACJE\arcaVir\ArcaUpdate folder moved successfully. C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder folder moved successfully. C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup folder moved successfully. C:\APLIKACJE\arcaVir\ArcaTools folder moved successfully. C:\APLIKACJE\arcaVir\ArcaAgent folder moved successfully. C:\APLIKACJE\arcaVir\abndis folder moved successfully. C:\APLIKACJE\arcaVir folder moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: ADMIN ->Flash cache emptied: 782 bytes User: All Users User: Default User User: LocalService User: Marek ->Flash cache emptied: 1921 bytes User: NetworkService User: Wiola ->Flash cache emptied: 3295 bytes User: Wojtek ->Flash cache emptied: 115768 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: ADMIN ->Temp folder emptied: 587927 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 69564606 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33615 bytes User: Marek ->Temp folder emptied: 3959343 bytes ->Temporary Internet Files folder emptied: 1727024 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 121156328 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Wiola ->Temp folder emptied: 589435 bytes ->Temporary Internet Files folder emptied: 1067863 bytes ->FireFox cache emptied: 101695047 bytes ->Flash cache emptied: 0 bytes User: Wojtek ->Temp folder emptied: 486764089 bytes ->Temporary Internet Files folder emptied: 98410582 bytes ->Java cache emptied: 3824472 bytes ->FireFox cache emptied: 113754395 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2129157 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32768 bytes RecycleBin emptied: 101099294 bytes Total Files Cleaned = 1 055,00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07142011_140927 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log] 2. Raport z usuwania AD-R (tu też nie miałem problemów) [log] ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:16:45 on 14/07/2011, Normal boot Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86) ADMIN@WOJTEKDOM ( ) ============== ACTION(S) ============== File deleted: C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default\searchplugins\askcom.xml Folder deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\extensions\vshare@toolbar File deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\searchplugins\web-search.xml Folder deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\baidu (!) -- Temporary files deleted. -- File opened: C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default\Prefs.js -- Line deleted: user_pref("browser.search.defaultengine", "Ask.com"); Line deleted: user_pref("browser.search.defaultenginename", "Ask.com"); Line deleted: user_pref("browser.search.order.1", "Ask.com"); -- File closed -- -- File opened: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\Prefs.js -- Line deleted: user_pref("extensions.enabledAddons", "vshare@toolbar:1.0.0,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6... Line deleted: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,jqs@sun.com:1.0,... Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jqs@sun.com\":{... Line deleted: user_pref("extensions.vshare@toolbar.update.enabled", false); Line deleted: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="); Line deleted: user_pref("vshare.install.date", "1296345600000"); Line deleted: user_pref("vshare.install.dumpFileCount", 0); Line deleted: user_pref("vshare.install.dumpFileDisabled", false); Line deleted: user_pref("vshare.install.finished", "1.0.0"); Line deleted: user_pref("vshare.install.guid", "{8707343d-2237-4734-9acd-00b952b1c6d0}"); Line deleted: user_pref("vshare.install.isHidden", true); Line deleted: user_pref("vshare.install.istoolbarhp", true); Line deleted: user_pref("vshare.install.istoolbarsearch", true); Line deleted: user_pref("vshare.install.laststatreq", "1310601600000"); Line deleted: user_pref("vshare.install.newtab", true); Line deleted: user_pref("vshare.install.overlayVersion", 1); Line deleted: user_pref("vshare.install.userHPSettings", "hxxp://google.pl"); Line deleted: user_pref("vshare.install.userSPSettings", "Google"); -- File closed -- Key deleted: HKU\.DEFAULT\Software\AskToolbar Key deleted: HKLM\Software\aTube Catcher\OpenCandy Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default -- Prefs.js - browser.download.dir, C:\\Documents and Settings\\ADMIN\\Pulpit Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\ADMIN\\Pulpit Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.youtube.com/?gl=PL&hl=pl Prefs.js - browser.startup.homepage_override.buildID, 20110318052756 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0 -- C:\Documents and Settings\Marek\Dane aplikacji\Mozilla\FireFox\Profiles\kj7uogf3.default -- Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Marek\\Pulpit Prefs.js - browser.startup.homepage, www.start24.pl Prefs.js - browser.startup.homepage_override.buildID, 20110318052756 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0 -- C:\Documents and Settings\Wiola\Dane aplikacji\Mozilla\FireFox\Profiles\50z41rvv.default -- Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Wiola\\Pulpit Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12 -- C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default -- Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (Adobe DLM (powered by getPlus(R))) Prefs.js - browser.download.dir, C:\\Documents and Settings\\Wojtek\\Pulpit Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Wojtek\\Pulpit Prefs.js - browser.search.defaultenginename, Web Search... Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, www.start24.pl Prefs.js - browser.startup.homepage_override.buildID, 20110318052756 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0 Prefs.js - privacy.popups.showBrowserMessage, false ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\APLIKACJE\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\APLIKACJE\Veetle\Player\player.exe (?) HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\APLIKACJE\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\APLIKACJE\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\APLIKACJE\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{BB8A9962-452A-4a00-814E-650B96EAA0D2} - C:\Program Files\WebEx\atinst.exe (x) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\APLIKACJE\Veetle\Player\vtl_hfax.exe (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 14 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 14/07/2011 14:16:53 (2853 Byte(s)) End at: 14:17:26, 14/07/2011 ============== E.O.F ============== [/log] 3. Raport z SystemLook. I tutaj wyskakuje mi błąd @poprawka jak wszystko zrobiłem i przeskanowałem OTL to błąd już nie wyskakiwał i mam raport: [log]SystemLook 04.09.10 by jpshortstuff Log created at 14:38 on 14/07/2011 by ADMIN Administrator - Elevation successful ========== filefind ========== Searching for "arcaVir" No files found. Searching for "ArcaBit" No files found. ========== regfind ========== Searching for "arcaVir" [HKEY_CURRENT_USER\Software\ArcaBit\ArcaVir] [HKEY_CURRENT_USER\Software\ArcaBit\ArcaVir\ArcaVir] [HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\26E56EF9720D7F743BD2C8CA0620D657] "ProductName"="ArcaVir" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ArcaVir] [HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit] "RootPath"="C:\APLIKACJE\arcaVir\" [HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit\ArcaVir] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ArcaVirShell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7824897-C8DC-49b4-B790-30F7ED16A5FD}] @="ArcaVir Shell Extension" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7824897-C8DC-49b4-B790-30F7ED16A5FD}\InProcServer32] @="C:\APLIKACJE\arcaVir\arcavir\avshell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ArcaVirShell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2F5B25E-0B3F-43D8-9806-9E35370B9177}\1.0\0\win32] @="C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Common\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaVir\Engine\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaVir\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaVir\lang\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaVir\Bases\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\abndis\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Configuration\Default\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Configuration\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaUpdate\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\freeedition\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\freeedition\buttons\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\pl\main\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\pl\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\elements\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\en\main\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\en\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\dialogs\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\buttons\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\types\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaVir\Bases\main\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\Graph\2011\en\cfg\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaTools\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\ArcaAgent\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ff\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ff\components\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\ie\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\APLIKACJE\arcaVir\WebExtensions\opera\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\03254786E7A478C47A928FC2273C38F7] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVConfig.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\051AA24EDC5A9F04AB763C0936E57A0E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0755C7FC720BF1149A0A3C5A1FCB94B2] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\Hibernator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0EE48F2280E27DB4B871B858135DC3E4] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLogs.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0FAC754898B303149BBEBA2BB32F883F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanCom.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\11625A4425C97C446A3D8DD474CA5594] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanScript.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\136B82575C0FD4F4591AE00D7057EA1E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcavir.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\15BF42837B47E82439FE036416910EEE] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1AB0DB449F34A124EBEE49EA38EB9B0E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\avengine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1AD0977840EBD274F8BE860B219E2CCF] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanOle.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1C01A340E305C7B4BBB1874F896B1693] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AvQuar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1C39966E88F9A214FB5176F399798C18] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1D5C9558E1C8C6C40B1F470B7F35DF06] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaDump.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1E755ABD4FA30AD42B35DC612E4F318C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\netscan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1FD86AA0EC3CB5049AB651FA09465077] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\asres_pl.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\20D8D7E988A84654EBD22C73ED1BC81F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaMail.AnswerWindow.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2135A34821C2D2C44B4D0E9EC3DDAD08] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin\overlay.css" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\21EB59EBE63D2134C86E903639CDAE2C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLogsViewer.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\24ACA9341D000204DB92ECD7E3160DE8] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVUtils.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\27E6568700D6602479D43B84A2A70A7E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\FilesBrowser.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\283B7AC3767B3334BA754E9187D639E4] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBT.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2AE181BEC335FA047A6AD6DCDBD1A3A0] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\abndis\ABNDIS.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2ECFF528F61F39C4CACE06BB604DAB0E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVASpamTrainer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\316B1DFE84FA1E54698151975E246178] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\lang\eng.atr" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3565859EBA1F7BD41A80118D42B1673C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBit.ArcaBackupBrowser.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\367928CE3DA2A93458DAC46A2E26783D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\libeay32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\37713D5CC9EDF4D449A88B5AE1DCD0CC] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3A5171D162097AE41B1B5FCBEBD85B0D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanHeurDM.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3CD2F7052560DA642BABEF9EE7701A6F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3FC52CF9EA8489A4CB126A7772FA1498] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\facrview.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\40BFA327EC024E648AA5C58871819308] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\buttons\bp.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\45BB83414BAF37943B5F2D3C582C34DA] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanHlp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\45FD6D8E1A011F84FA2660983A481399] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\components\ArcaExt.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4C06E1AF611D9C749B392A5F816CCCAE] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\elements\arrow.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4D534D318EC00C146BF09C57870BE19C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaStat.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4E1F832D269933E4ABF9A8FC1350066C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4FD32258436D41046B6DBFA08814F481] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaUpdate\HTTPServ_dll.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\524DF34A33D5BA34ABAE178C7DB37261] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinderAG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\55E1B460431A0884181563F9BA97CB33] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\facproxy.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\579442CE14FBABB4F91F8C70DE6BB84E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaAgent\ArcaWFC.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\57D7A9C064493B747A92A7478AA9C4AE] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaHelp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\582C51DBEDD1A1144B990FE421447B6E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\components\ArcaExt.xpt" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\58E988D82D274794BA0E019BED55BC91] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\en\cfg\accesscontrol.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\59A832890D73FD0438858D0FA2223684] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\freeedition\g.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\5A28A0BB2FA555B4E91B4762830C63E5] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Configuration\Default\monitor.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\5B4086B4807B7924ABA0952FAE483049] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ABSlave.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\62DB5460BA447F3498C23B189440AC80] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ProcMan.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\635989EEBEA8F0A44B3D394C6CBA7035] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\install.rdf" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6528B5898A89F304A9841C04BC44B00C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanTrojan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\68E67E196AE28034FA8DEEE6F91C1829] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\MetaProc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6B88D6B66AB332848B26989570A23847] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\pl\main\ap_r.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6CBC2BE60F4C627459A699A405C7E7BB] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6DF457CD36EF58D418A7D85609DD5C13] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanExe.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\70488FBDD249B0248B716F170D735473] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\avcnstat.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\708BBA565B5B77D428DEAB44901D33BD] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVLang.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7203FB20A4D056940AEB679900B27CDA] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\74ABFB1C158B44F4588CB486AD5C770A] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVFix.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\76A5ADB7E7B771D4091441547B11125F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaCfgViewer.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\787AC618B9CFAE443887377A1801A29B] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Heur.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\78B5DAFAA61827649BCDF16EFFF59144] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanDialer.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\79555AA19119ABE478A797F1A01B21BB] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcadump.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7C609B2ACD2A59D4EBF0A7DDABAA3CAA] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\DiskCheck.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7E4D583130686EF4098904F9CACBD8CD] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ProfilesManager.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7EB7C99F60D16334484E0C110C386BA2] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVQuarEx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\80F6B0D9EF52D014F9E3D6534F64B033] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVMenu.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\82782732ABF2C3B47BC9F699324593BC] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avtask2.messages.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\869E0BE9D0D507442AFCF15E80E39C12] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanMlw.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\86FA9EDC1101CB74AB9A1E1264E18352] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\en\main\sp_g.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\873905A471C9A764987382726E14AC0A] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\types\svp.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8C6FECDC9001D0A4F95D20AF32F54C5D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\BaseManager.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8EDCB363026056A459568A5198B8BA1D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8EE6810633C19CC4994002FD78E13F83] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\filescan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\93E4F70850F514342A1E4B1D8AA6AE62] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVConvOb.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9440F252E20B72347BF199EDFAC2EC62] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaCoolka.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\955B4E63123CE304ABE2A2BBF934603C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\HTTPContent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9991089E41663274688B5161E3245BCA] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVObject.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\99ED5672BB737044AAF7FF30BC6B4DBE] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Decrypt.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9B76CB2DED700ED4DAB1257C32F94A6B] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanText.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A14983B7EA47379449A17029666F8CD2] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Bases\main\abasetr_f.dat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A240CB9152F8EE24983BBD0AAB536477] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avbackup.messages.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A2B11E64813A4A7428CD8B74F2EA6EF0] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\facd.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A5FC303948EE7644FB216E8FE2035388] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\avaspam.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A9C6980667E2FF54384C9E823E0C3CA6] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaRep.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AA26542D6FA6A534BB223A6667454136] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\opera\ArcaBitSkin.zip" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AC6DFBA8CF15E034C8FEF653321221B9] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\avtransl.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AD0753FF0A161AB409B51A959542A635] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanExploit.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AD89436A4B714B348AB63F85DB00F1BB] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVArchOb.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B2C20955F68BEC848BCB4B9C93EAA539] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\HTTPRegx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B371078252B91734287B96B7EB685678] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B3899415AD3DA9E42B7E98F6B22A8043] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaVirMaster.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B3D88E48DA05F714D90981DD7FC3CA00] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ssleay32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B440FB89C312A6E478E559F2772A4F1D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Patterns.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B4698B4FBE173D34B8A2360AF9E3793D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\arcabit.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B5127142BBDD44D4184276BD26D10C36] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaAux.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B5F04C7631B4D6B49A369774B77E63A9] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\FindMeta.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B7E915E200049E841A5876EF7A8B3079] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABSender.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\BB61ED3A9451FB94995D787B77AA32FD] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVShell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\BF8AC24383595B14CAEB6625E0121747] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanAux.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C0362DCB6176CB54395F89E21C3B6397] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\abregmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C0503CCDBAF7CB843B0C466D7E526624] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\licntf.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C1FF9DD08BE980549BCF8BBA0A673F52] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ATestCmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C5B38E43689F8824DA011A7E2CE62A2D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaBackupBrowserPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CA2B814963AF80046B5E03A7CD7B7A2C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\localps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CA88F2FFD617C4B4AB712B1D4EB46B67] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\abndis\abndis.inf" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CC42B9A7482562140921EC3C735286D0] "26E56EF9720D7F743BD2C8CA0620D657"="C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF21E79DCF1A9CD488245DD10C2CFB37] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\HTTPContent.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF4D5DE5642033946BBBD9D19ADA8BDC] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLang.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF4D79A096A91164E85BD67AA3B28C1D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\FWReports.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DB4FBADA353D53C439022B1ED5409C74] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ABM.AnswerWindow.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DBC01B18263E94140BE0829E4E03767E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg\package.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DC72C692673390743A23B2726E34FC72] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaCmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DDCE1A8371E67D04CBD4B27159D83BD2] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\asres_en.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DDD738881D9F722498ED6AD8DEEE2632] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaFileManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DEA0A6C23746946419BC74FA01748EF5] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\freeedition\buttons\4b.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DFF394B0F9E863E48ACD6D93C8754A90] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Bases\abasea.dat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E88A3F7BD4F80F44F9AE1A7F3055A64F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E9473C6D2FEDF0847B88A144A7BB1C24] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF0C0AA7D3C5A6340981B7DC5DF8A873] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderDPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF1C1F47B35C4404C89CA0C5D16E1D3B] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanGeneric.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F32D950B8BC5B144AAA57C16888D0977] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\dialogs\ar.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F4977BF18EFBF904886430A4EB88AFE8] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Cure.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F7E86E3115D1C814EAC97F056B2491C4] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanEicar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F83B387C38EE04D4D9E9ABDAC9FF5E97] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\abmaster.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F8E522721DF8247499BEB9B8461AEC65] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\FA5B17F975932A8428CD77210E780161] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcavir.chm" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties] "DisplayName"="ArcaVir" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties] "InstallLocation"="C:\APLIKACJE\arcaVir\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"="ArcaVir Shell Extension" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}] "DisplayName"="ArcaVir" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}] "InstallLocation"="C:\APLIKACJE\arcaVir\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaVir] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaVir\ArcaVir] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Installer\Products\26E56EF9720D7F743BD2C8CA0620D657] "ProductName"="ArcaVir" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ArcaVir] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module" Searching for "ArcaBit" [HKEY_CURRENT_USER\Software\ArcaBit] [HKEY_CURRENT_USER\Software\ArcaBit\ArcaDump] "LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\051AA24EDC5A9F04AB763C0936E57A0E] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\20D8D7E988A84654EBD22C73ED1BC81F] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaMail.AnswerWindow.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3565859EBA1F7BD41A80118D42B1673C] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBit.ArcaBackupBrowser.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\37713D5CC9EDF4D449A88B5AE1DCD0CC] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\524DF34A33D5BA34ABAE178C7DB37261] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinderAG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\82782732ABF2C3B47BC9F699324593BC] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avtask2.messages.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A240CB9152F8EE24983BBD0AAB536477] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avbackup.messages.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AA26542D6FA6A534BB223A6667454136] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\opera\ArcaBitSkin.zip" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B4698B4FBE173D34B8A2360AF9E3793D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\arcabit.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C5B38E43689F8824DA011A7E2CE62A2D] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaBackupBrowserPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DB4FBADA353D53C439022B1ED5409C74] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ABM.AnswerWindow.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E9473C6D2FEDF0847B88A144A7BB1C24] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF0C0AA7D3C5A6340981B7DC5DF8A873] "26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderDPL.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F3FD5836088175A4C8D897D7C5485DEC] "26E56EF9720D7F743BD2C8CA0620D657"="02:\SOFTWARE\ArcaBit\RootPath" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties] "Publisher"="Arcabit Sp z o.o." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}] "Publisher"="Arcabit Sp z o.o." [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaDump] "LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml" -= EOF =- [/log] 4. Ostatni raport ze skanowania OTL: [log] OTL logfile created on: 2011-07-14 14:32:16 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 84,14% Memory free 5,34 Gb Paging File | 4,98 Gb Available in Paging File | 93,25% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 70,62 Gb Free Space | 70,62% Space Free | Partition Type: NTFS Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-02-06 12:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-04-14 12:43:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt) DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/?gl=PL&hl=pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M] [2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions [2011-07-14 14:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions [2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} File not found (No name found) -- [2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-14 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-07-14 14:09:27 | 000,000,000 | ---D | C] -- C:\_OTL [2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller [2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10 [2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR [2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys [2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys [2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks [2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx [2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared [2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt [2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution [2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-14 14:19:32 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT [2011-07-14 14:19:11 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-07-14 14:19:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-07-14 14:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-07-14 14:17:38 | 018,174,344 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-07-14 14:16:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk [2011-07-14 14:16:38 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe [2011-07-14 14:11:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini [2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk [2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 22:23:54 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-14 14:16:44 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk [2011-07-14 14:16:38 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe [2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk [2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk [2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat [2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI [2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys [2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini [2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc [2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc [2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-04-27 21:23:11 | 018,174,344 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll [2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica [2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft [2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics [2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon [2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit [2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl [2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik [2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai [2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent [2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation [2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2011-07-14 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks [2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10 [2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica [2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP [2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb [2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva [2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo [2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares [2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10 [2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER [2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software [2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit [2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea [2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl [2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM [2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive [2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik [2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency [2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai [2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-07-14 14:18:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Folder z arcaVir jest usunięty za co dziękuję . Teraz pozostaje tylko pytanie czy już mogę instalować avasta? Czy zostało jeszcze coś z arcaVira co może przeszkadzać w prawidłowym działaniu innych programów?
wirusolog komentarz 14 lipca 2011 komentarz 14 lipca 2011 Zostało bardzo dużo kluczy w rejestrze po ArcaVirze. Spróbój zainstalować Avasta, jeżeli instalacja nie będzie szła, będę próbówał napisać skrypt usuwający wszystkie klucze w rejestrze.
Bando komentarz 14 lipca 2011 Autor komentarz 14 lipca 2011 Instalacja Avasta się powiodła i właśnie skanuje cały system. Program anty-cheaterski , tak jak przypuszczałem teraz działa znakomicie. Co ciekawe pojawił się na nowo prorgam arcaVir na liście w panelu sterowania. Użyłem prorgamu Revo uninstaler i usunąłem wszystko (wpisy w rejestrze prawdopodobnie też) co jest związane z ArcaVirem. Wykonałem też dla sprawdzenia czy to już na pewno wszystko skan OTL-em: [log] OTL logfile created on: 2011-07-14 15:13:38 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 78,50% Memory free 5,34 Gb Paging File | 4,68 Gb Available in Paging File | 87,79% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 70,48 Gb Free Space | 70,48% Space Free | Partition Type: NTFS Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe PRC - [2011-07-12 16:37:24 | 002,764,800 | ---- | M] (Turtle Entertainment GmbH) -- C:\APLIKACJE\EslWire\wire.exe PRC - [2011-07-11 12:35:10 | 000,232,960 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\AvastUI.exe PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\AvastSvc.exe PRC - [2011-06-22 15:38:32 | 000,024,480 | ---- | M] () -- C:\APLIKACJE\EslWire\inGame32.exe PRC - [2011-06-22 15:38:30 | 000,388,096 | ---- | M] () -- C:\APLIKACJE\EslWire\dbus-daemon.exe PRC - [2011-06-01 15:15:30 | 000,537,184 | ---- | M] () -- C:\APLIKACJE\Gadu-Gadu 10\open-fm.exe PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-05-19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\snxhk.dll MOD - [2011-06-22 15:38:30 | 000,447,904 | ---- | M] () -- C:\APLIKACJE\EslWire\inGame32.dll MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-07-11 12:35:10 | 000,232,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\APLIKACJE\avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ESLWireACD.sys -- (ESLWireAC) DRV - [2011-06-22 15:38:26 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt) DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/?gl=PL&hl=pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\APLIKACJE\avast\WebRep\FF [2011-07-14 15:03:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M] [2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions [2011-07-14 14:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions [2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} File not found (No name found) -- [2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\APLIKACJE\avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [H/PC Connection Agent] File not found O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-07-14 15:03:38 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-07-14 15:03:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-07-14 15:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-07-14 15:03:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-07-14 15:03:36 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-07-14 15:03:36 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-07-14 15:03:36 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-07-14 15:03:36 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-07-14 15:03:35 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-07-14 15:03:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-07-14 15:03:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-07-14 15:03:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-07-14 15:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-07-14 14:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\ESL Wire Game Client [2011-07-14 14:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011-07-14 14:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ESL Wire [2011-07-14 14:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESL Wire [2011-07-14 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-07-14 14:09:27 | 000,000,000 | ---D | C] -- C:\_OTL [2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller [2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10 [2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR [2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR [2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys [2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys [2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks [2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx [2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared [2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo [2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt [2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution [2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-07-14 15:03:38 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-07-14 15:03:36 | 000,002,635 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-07-14 14:52:48 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ESL Wire.lnk [2011-07-14 14:51:26 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-07-14 14:51:17 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT [2011-07-14 14:19:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-07-14 14:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-07-14 14:17:38 | 018,174,344 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-07-14 14:16:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk [2011-07-14 14:16:38 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe [2011-07-14 14:11:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini [2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-07-11 12:35:10 | 000,232,960 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk [2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-07-04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys [2011-06-22 15:38:26 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys [2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-14 15:03:38 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-07-14 14:52:52 | 000,232,960 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011-07-14 14:52:48 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ESL Wire.lnk [2011-07-14 14:16:44 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk [2011-07-14 14:16:38 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe [2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk [2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe [2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk [2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk [2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk [2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk [2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk [2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat [2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat [2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI [2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys [2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini [2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc [2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc [2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-04-27 21:23:11 | 018,174,344 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll [2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica [2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft [2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics [2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon [2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo [2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit [2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl [2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM [2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik [2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai [2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent [2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2011-07-14 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation [2011-07-14 14:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESL Wire [2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2011-07-14 14:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks [2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution [2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10 [2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica [2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP [2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb [2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva [2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo [2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares [2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10 [2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER [2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software [2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit [2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea [2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl [2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM [2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive [2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik [2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency [2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai [2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-07-14 14:18:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] Mam nadzieję że pozbyłem się tego niefortunnego programu raz na zawsze. Jeśli tak nie jest , to mogę spodziewać się dalszych niespodzianek ze strony ArcaVira ? Czy śmieci w rejestrze są nieszkodliwe? Dziękuję też za pomoc i czas poświęcony mojemu problemowi
wirusolog komentarz 14 lipca 2011 komentarz 14 lipca 2011 No to wklej to samo w SystemLook co w poście #2, punkcie 4. Pokaż raport.
Bando komentarz 14 lipca 2011 Autor komentarz 14 lipca 2011 Tutaj raport: [log] SystemLook 04.09.10 by jpshortstuff Log created at 16:24 on 14/07/2011 by ADMIN Administrator - Elevation successful ========== filefind ========== Searching for "arcaVir" No files found. Searching for "ArcaBit" No files found. ========== regfind ========== Searching for "arcaVir" [HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit] "RootPath"="C:\APLIKACJE\arcaVir\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABConfSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABMainSV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVBackup] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVTasks2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVUpdate] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ABTDI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_drv] "ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit\ArcaVir] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit\ArcaVir\ArcaVir] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaVir\AVMenu.exe"="ArcaVir Tray Module" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaVir\ArcaAux.exe"="ArcaVir Aux Module" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\Common\hibernator.exe"="ArcaBit Hibernator Module" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaVir\licntf.exe"="ArcaVir LicNtf" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaVir\arcavir.exe"="ArcaVir Main Module" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module" Searching for "ArcaBit" [HKEY_CURRENT_USER\Software\ArcaBit] [HKEY_CURRENT_USER\Software\ArcaBit\ArcaDump] "LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\"="1" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaDump] "LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml" [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit] [HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\APLIKACJE\arcaVir\Common\hibernator.exe"="ArcaBit Hibernator Module" -= EOF =- [/log]
wirusolog komentarz 14 lipca 2011 komentarz 14 lipca 2011 Trochę kluczy zostało, ale nie daje ich do usuwania. Uruchom OTL i wciśnij [b]Sprzątanie[/b] / w Ad-Remover wciśnij przycisk [b]UNINSTALL[/b]. To wszystko.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.