x-kom hosting

ArcaVir i problem z deinstalacją

Bando
utworzono
utworzono (edytowane)

Witam
Mam ArcaVira już kilka miesięcy i nie było z nim problemów, dopóki nie musiałem ściagnąć programu anti-cheaterskiego. Cały czas wykrywał błędy , więc postanowiłem że zmienie ArcaVira na starego dobrego Avasta. Próbowałem odinstalować ArcaVira przez "dodaj lub usuń programy" i teoretycznie zniknął stamtąd jednak nadal się uruchamiał. Dlatego usunąłem go tak, jak podaje na stronie ArcaVira czyli start>wszystkie proragmy>Arcavir>odinstaluj i też PRAWIE się usunął jednak na samym końcu wyskoczył błąd. Teraz nigdzie nie widać , że ten prorgam jest zainstalowany, a mimo to uruchamia się wraz z windowsem (potem w programie Revo Uninstaler zaznaczyłem żeby wgl się nie uruchamiał ze startem systemu). Nie mogę usunąć folderu z plikami ArcaVir a dodatkowo co jakiś czas wyskakuje błąd (np. przy instalacjach) że ArcaVir jeszcze jest.

Dodam też logi z hijackthis żebyście wiedzieli naczym stoję.

[log]Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:47:15, on 2011-07-14
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe
C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe
C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe
C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe
C:\APLIKACJE\Diskeeper\DkService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\APLIKACJE\Mozilla\firefox.exe
C:\APLIKACJE\Mozilla\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\APLIKACJE\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.ask.com/?l=dis&o=14672"]http://www.ask.com/?l=dis&o=14672[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.yahoo.com"]http://www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com"]http://www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcaBit Config Service (ABConfSV) - ArcaBit - C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe
O23 - Service: ArcaBit Main Service (ABMainSV) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe
O23 - Service: ArcaBit Backup Service (AVBackup) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\APLIKACJE\Diskeeper\DkService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6902 bytes[/log]


I log z OTL: (tak jak jest w regulaminie, pierwszy log dałem w innym temacie)
[log]
OTL logfile created on: 2011-07-14 10:31:59 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 77,02% Memory free
5,34 Gb Paging File | 4,51 Gb Available in Paging File | 84,51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 69,86 Gb Free Space | 69,86% Space Free | Partition Type: NTFS
Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
PRC - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe
PRC - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe
PRC - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe
PRC - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe
PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe
PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe
PRC - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe
PRC - [2010-11-17 21:29:28 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2010-10-24 13:32:18 | 000,561,152 | ---- | M] () -- C:\APLIKACJE\VT\Ventrilo.exe
PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe
PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe -- (ABConfSV)
SRV - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe -- (AVTasks2)
SRV - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV - [2011-05-28 22:09:11 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup)
SRV - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe -- (AVUpdate)
SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-05-28 22:09:13 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys -- (ABFLT)
DRV - [2011-04-14 12:43:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-10-26 13:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14672
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14672"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU&o=14670&locale=en_US&apn_uid=d4124f3f-c3c6-4f69-a694-c67613d3d572&apn_ptnrs=T8&apn_sauid=A1F95A44-C8D0-4EB5-A2A6-7B48A1F330D2&apn_dtid=YYYYYYYYPL&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M]

[2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions
[2011-03-12 13:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions
[2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-07-06 19:13:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\toolbar@ask.com
[2011-07-14 08:14:49 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\searchplugins\askcom.xml
File not found (No name found) --
[2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-05-22 22:06:58 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL
[2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [H/PC Connection Agent] File not found
O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-14 08:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\HiJackThis
[2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller
[2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10
[2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher
[2011-06-11 03:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR
[2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt
[2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution
[2011-05-22 22:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir
[2011-05-22 22:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-14 10:23:23 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2011-07-14 10:11:57 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-07-14 10:11:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-07-14 10:11:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-14 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-07-14 08:47:00 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\HiJackThis.lnk
[2011-07-14 08:41:33 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2011-07-14 08:41:20 | 018,172,482 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-07-14 08:33:08 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:29:28 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\HijackThis.msi
[2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk
[2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 22:23:54 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-14 09:43:52 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2011-07-14 08:46:56 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\HiJackThis.lnk
[2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:29:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\HijackThis.msi
[2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-11 03:15:50 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk
[2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat
[2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys
[2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc
[2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc
[2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-27 21:23:11 | 018,172,482 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica
[2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft
[2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics
[2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon
[2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit
[2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl
[2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik
[2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai
[2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent
[2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2011-05-28 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
[2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2011-07-14 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10
[2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica
[2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP
[2010-11-14 03:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Baidu
[2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb
[2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva
[2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo
[2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares
[2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10
[2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER
[2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software
[2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit
[2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea
[2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl
[2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM
[2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive
[2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik
[2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency
[2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai
[2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent
[2011-07-14 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011-07-14 10:23:23 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-07-14 10:11:11 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]

Chcę się pozbyć ArcaVir w 100% i raz na zawsze, i zależy mi też na czasie, bo muszę ogarnąć jeszcze program anti-cheaterski zanim dzisiaj już będę grał.

[color="#FF0000"]//wstawiam w log i przenoszę do Bezpieczeństwa
//dan[/color]

wirusolog
komentarz
komentarz (edytowane)

[b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst:

[code]:OTL
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found
O4 - HKLM..\Run: [] File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found
DRV - [2010-10-26 13:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2011-05-28 22:09:13 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys -- (ABFLT)
SRV - [2011-07-14 08:05:41 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV - [2011-06-04 16:46:23 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe -- (ABConfSV)
SRV - [2011-05-28 22:09:21 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe -- (AVTasks2)
SRV - [2011-05-28 22:09:12 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV - [2011-05-28 22:09:11 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup)
SRV - [2010-12-03 13:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe -- (AVUpdate)
[2011-05-22 22:06:58 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL

:Files
C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
C:\APLIKACJE\arcaVir

:Commands
[emptyflash]
[emptytemp][/code]
Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera.

[b]2.[/b] W panelu sterowania (dodaj lub usuń programy) odinstaluj całkowicie tego śmietka: [b]Ask Toolbar / Ask.com[/b]

[b]3.[/b] Ściągnij [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/url][/b][/color][/u] i wciśnij w nim [size="3"][b]Clean[/b][/size]
Pokaż raport z tego narzędzia.

[b]4.[/b] Ściągnij -> [url=http://images.malwareremoval.com/jpshortstuff/SystemLook.exe][b][color=blue][u]SystemLook.exe[/url][/b][/color][/u]
Uruchom i w dolne białe okienko wklej to:

[quote]
:filefind
arcaVir
ArcaBit

:regfind
arcaVir
ArcaBit[/quote]
Naciśnij [b]Look[/b] i czekaj aż pojawi się raport. Pokaż Nam go.

[b]4.[/b] Po tych czynnościach uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. [u]Pokazujesz nowe logi z OTL + raport z usuwania Ad-Removerem + raport z usuwania OTLem + raport z SystemLook.[/u]

Bando
komentarz
komentarz

To tak:
Wszystkie punkty wykonałem, ale nie wszystko poszło właściwie.

[b]1. Raport z usuwania OTL (tu wszystko było okej)[/b]
[log] All processes killed
========== OTL ==========
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ deleted successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40525A66-DB98-480D-BCF9-7AF88C1AF438}\ not found.
File C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Error: Unable to stop service ABTDI!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ABTDI deleted successfully.
C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys moved successfully.
Service ABFLT stopped successfully!
Service ABFLT deleted successfully!
C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys moved successfully.
Service ArcaRemoteService stopped successfully!
Service ArcaRemoteService deleted successfully!
C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe moved successfully.
Service ABConfSV stopped successfully!
Service ABConfSV deleted successfully!
C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe moved successfully.
Service AVTasks2 stopped successfully!
Service AVTasks2 deleted successfully!
C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe moved successfully.
Service ABMainSV stopped successfully!
Service ABMainSV deleted successfully!
C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe moved successfully.
Service AVBackup stopped successfully!
Service AVBackup deleted successfully!
C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe moved successfully.
Service AVUpdate stopped successfully!
Service AVUpdate deleted successfully!
C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe moved successfully.
C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\components folder moved successfully.
C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome\skin folder moved successfully.
C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome\content folder moved successfully.
C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL\chrome folder moved successfully.
C:\APLIKACJE\MOZILLA\EXTENSIONS\ARCABIT@WWW.ARCABIT.PL folder moved successfully.
========== FILES ==========
C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\MassMailing folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\HTTPServ folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110714 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110706 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110604 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110529 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110528 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110525 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110524 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110523 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\20110522 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Configuration\Global folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\AVQuarantine folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate\Tmp\Downloaded folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate\Tmp folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\ArcaUpdate folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\opera folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ie folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ff\components folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions\ff folder moved successfully.
C:\APLIKACJE\arcaVir\WebExtensions folder moved successfully.
C:\APLIKACJE\arcaVir\Logs\Debug folder moved successfully.
C:\APLIKACJE\arcaVir\Logs folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\freeedition\buttons folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\freeedition folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\types folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\pl\main folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\pl folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\en\main folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\en\cfg folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\en folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\elements folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\dialogs folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011\buttons folder moved successfully.
C:\APLIKACJE\arcaVir\Graph\2011 folder moved successfully.
C:\APLIKACJE\arcaVir\Graph folder moved successfully.
C:\APLIKACJE\arcaVir\Configuration\Default folder moved successfully.
C:\APLIKACJE\arcaVir\Configuration folder moved successfully.
C:\APLIKACJE\arcaVir\Common folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaVir\lang folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaVir\Engine folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaVir\Bases\main folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaVir\Bases folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaVir folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaUpdate\exec folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaUpdate folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaTools folder moved successfully.
C:\APLIKACJE\arcaVir\ArcaAgent folder moved successfully.
C:\APLIKACJE\arcaVir\abndis folder moved successfully.
C:\APLIKACJE\arcaVir folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: ADMIN
->Flash cache emptied: 782 bytes

User: All Users

User: Default User

User: LocalService

User: Marek
->Flash cache emptied: 1921 bytes

User: NetworkService

User: Wiola
->Flash cache emptied: 3295 bytes

User: Wojtek
->Flash cache emptied: 115768 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: ADMIN
->Temp folder emptied: 587927 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69564606 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33615 bytes

User: Marek
->Temp folder emptied: 3959343 bytes
->Temporary Internet Files folder emptied: 1727024 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 121156328 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Wiola
->Temp folder emptied: 589435 bytes
->Temporary Internet Files folder emptied: 1067863 bytes
->FireFox cache emptied: 101695047 bytes
->Flash cache emptied: 0 bytes

User: Wojtek
->Temp folder emptied: 486764089 bytes
->Temporary Internet Files folder emptied: 98410582 bytes
->Java cache emptied: 3824472 bytes
->FireFox cache emptied: 113754395 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2129157 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 101099294 bytes

Total Files Cleaned = 1 055,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07142011_140927

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]


2. Raport z usuwania AD-R (tu też nie miałem problemów)
[log] ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:16:45 on 14/07/2011, Normal boot

Microsoft Windows XP Home Edition Dodatek Service Pack 3 (X86)
ADMIN@WOJTEKDOM ( )

============== ACTION(S) ==============


File deleted: C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default\searchplugins\askcom.xml
Folder deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\extensions\vshare@toolbar
File deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\searchplugins\web-search.xml
Folder deleted: C:\Documents and Settings\Wojtek\Dane aplikacji\baidu

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default\Prefs.js --
Line deleted: user_pref("browser.search.defaultengine", "Ask.com");
Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");
Line deleted: user_pref("browser.search.order.1", "Ask.com");
-- File closed --


-- File opened: C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default\Prefs.js --
Line deleted: user_pref("extensions.enabledAddons", "vshare@toolbar:1.0.0,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6...
Line deleted: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,jqs@sun.com:1.0,...
Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jqs@sun.com\":{...
Line deleted: user_pref("extensions.vshare@toolbar.update.enabled", false);
Line deleted: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
Line deleted: user_pref("vshare.install.date", "1296345600000");
Line deleted: user_pref("vshare.install.dumpFileCount", 0);
Line deleted: user_pref("vshare.install.dumpFileDisabled", false);
Line deleted: user_pref("vshare.install.finished", "1.0.0");
Line deleted: user_pref("vshare.install.guid", "{8707343d-2237-4734-9acd-00b952b1c6d0}");
Line deleted: user_pref("vshare.install.isHidden", true);
Line deleted: user_pref("vshare.install.istoolbarhp", true);
Line deleted: user_pref("vshare.install.istoolbarsearch", true);
Line deleted: user_pref("vshare.install.laststatreq", "1310601600000");
Line deleted: user_pref("vshare.install.newtab", true);
Line deleted: user_pref("vshare.install.overlayVersion", 1);
Line deleted: user_pref("vshare.install.userHPSettings", "hxxp://google.pl");
Line deleted: user_pref("vshare.install.userSPSettings", "Google");
-- File closed --


Key deleted: HKU\.DEFAULT\Software\AskToolbar
Key deleted: HKLM\Software\aTube Catcher\OpenCandy
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

-- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\FireFox\Profiles\yzllpzxz.default --
Prefs.js - browser.download.dir, C:\\Documents and Settings\\ADMIN\\Pulpit
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\ADMIN\\Pulpit
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.youtube.com/?gl=PL&hl=pl
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0

-- C:\Documents and Settings\Marek\Dane aplikacji\Mozilla\FireFox\Profiles\kj7uogf3.default --
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Marek\\Pulpit
Prefs.js - browser.startup.homepage, www.start24.pl
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0

-- C:\Documents and Settings\Wiola\Dane aplikacji\Mozilla\FireFox\Profiles\50z41rvv.default --
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Wiola\\Pulpit
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12

-- C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\FireFox\Profiles\xovvkzgl.default --
Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (Adobe DLM (powered by getPlus(R)))
Prefs.js - browser.download.dir, C:\\Documents and Settings\\Wojtek\\Pulpit
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Wojtek\\Pulpit
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, www.start24.pl
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Internet Explorer Version [6.0.2900.5512] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\APLIKACJE\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\APLIKACJE\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\APLIKACJE\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\APLIKACJE\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\APLIKACJE\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{BB8A9962-452A-4a00-814E-650B96EAA0D2} - C:\Program Files\WebEx\atinst.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\APLIKACJE\Veetle\Player\vtl_hfax.exe (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 14 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 14/07/2011 14:16:53 (2853 Byte(s))

End at: 14:17:26, 14/07/2011

============== E.O.F ==============
[/log]

3. Raport z SystemLook. I tutaj wyskakuje mi błąd
@poprawka jak wszystko zrobiłem i przeskanowałem OTL to błąd już nie wyskakiwał i mam raport:
[log]SystemLook 04.09.10 by jpshortstuff
Log created at 14:38 on 14/07/2011 by ADMIN
Administrator - Elevation successful

========== filefind ==========

Searching for "arcaVir"
No files found.

Searching for "ArcaBit"
No files found.

========== regfind ==========

Searching for "arcaVir"
[HKEY_CURRENT_USER\Software\ArcaBit\ArcaVir]
[HKEY_CURRENT_USER\Software\ArcaBit\ArcaVir\ArcaVir]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\26E56EF9720D7F743BD2C8CA0620D657]
"ProductName"="ArcaVir"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ArcaVir]
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit]
"RootPath"="C:\APLIKACJE\arcaVir\"
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit\ArcaVir]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ArcaVirShell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7824897-C8DC-49b4-B790-30F7ED16A5FD}]
@="ArcaVir Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7824897-C8DC-49b4-B790-30F7ED16A5FD}\InProcServer32]
@="C:\APLIKACJE\arcaVir\arcavir\avshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ArcaVirShell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2F5B25E-0B3F-43D8-9806-9E35370B9177}\1.0\0\win32]
@="C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Common\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaVir\Engine\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaVir\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaVir\lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaVir\Bases\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\abndis\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Configuration\Default\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Configuration\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaUpdate\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\freeedition\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\freeedition\buttons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\pl\main\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\pl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\elements\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\en\main\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\en\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\dialogs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\buttons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\types\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaVir\Bases\main\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\Graph\2011\en\cfg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaTools\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\ArcaAgent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ff\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ff\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\ie\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\APLIKACJE\arcaVir\WebExtensions\opera\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\03254786E7A478C47A928FC2273C38F7]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVConfig.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\051AA24EDC5A9F04AB763C0936E57A0E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0755C7FC720BF1149A0A3C5A1FCB94B2]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\Hibernator.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0EE48F2280E27DB4B871B858135DC3E4]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLogs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\0FAC754898B303149BBEBA2BB32F883F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanCom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\11625A4425C97C446A3D8DD474CA5594]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanScript.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\136B82575C0FD4F4591AE00D7057EA1E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcavir.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\15BF42837B47E82439FE036416910EEE]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABFLT.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1AB0DB449F34A124EBEE49EA38EB9B0E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\avengine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1AD0977840EBD274F8BE860B219E2CCF]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanOle.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1C01A340E305C7B4BBB1874F896B1693]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AvQuar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1C39966E88F9A214FB5176F399798C18]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1D5C9558E1C8C6C40B1F470B7F35DF06]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaDump.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1E755ABD4FA30AD42B35DC612E4F318C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\netscan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\1FD86AA0EC3CB5049AB651FA09465077]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\asres_pl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\20D8D7E988A84654EBD22C73ED1BC81F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaMail.AnswerWindow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2135A34821C2D2C44B4D0E9EC3DDAD08]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\skin\overlay.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\21EB59EBE63D2134C86E903639CDAE2C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLogsViewer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\24ACA9341D000204DB92ECD7E3160DE8]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVUtils.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\27E6568700D6602479D43B84A2A70A7E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\FilesBrowser.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\283B7AC3767B3334BA754E9187D639E4]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBT.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2AE181BEC335FA047A6AD6DCDBD1A3A0]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\abndis\ABNDIS.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\2ECFF528F61F39C4CACE06BB604DAB0E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVASpamTrainer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\316B1DFE84FA1E54698151975E246178]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\lang\eng.atr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3565859EBA1F7BD41A80118D42B1673C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBit.ArcaBackupBrowser.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\367928CE3DA2A93458DAC46A2E26783D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\libeay32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\37713D5CC9EDF4D449A88B5AE1DCD0CC]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3A5171D162097AE41B1B5FCBEBD85B0D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanHeurDM.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3CD2F7052560DA642BABEF9EE7701A6F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ie\ArcaIEExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3FC52CF9EA8489A4CB126A7772FA1498]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\facrview.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\40BFA327EC024E648AA5C58871819308]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\buttons\bp.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\45BB83414BAF37943B5F2D3C582C34DA]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanHlp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\45FD6D8E1A011F84FA2660983A481399]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\components\ArcaExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4C06E1AF611D9C749B392A5F816CCCAE]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\elements\arrow.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4D534D318EC00C146BF09C57870BE19C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaStat.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4E1F832D269933E4ABF9A8FC1350066C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\4FD32258436D41046B6DBFA08814F481]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaUpdate\HTTPServ_dll.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\524DF34A33D5BA34ABAE178C7DB37261]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinderAG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\55E1B460431A0884181563F9BA97CB33]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\facproxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\579442CE14FBABB4F91F8C70DE6BB84E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaAgent\ArcaWFC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\57D7A9C064493B747A92A7478AA9C4AE]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaHelp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\582C51DBEDD1A1144B990FE421447B6E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\components\ArcaExt.xpt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\58E988D82D274794BA0E019BED55BC91]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\en\cfg\accesscontrol.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\59A832890D73FD0438858D0FA2223684]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\freeedition\g.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\5A28A0BB2FA555B4E91B4762830C63E5]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Configuration\Default\monitor.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\5B4086B4807B7924ABA0952FAE483049]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ABSlave.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\62DB5460BA447F3498C23B189440AC80]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ProcMan.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\635989EEBEA8F0A44B3D394C6CBA7035]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\install.rdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6528B5898A89F304A9841C04BC44B00C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanTrojan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\68E67E196AE28034FA8DEEE6F91C1829]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\MetaProc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6B88D6B66AB332848B26989570A23847]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\pl\main\ap_r.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6CBC2BE60F4C627459A699A405C7E7BB]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\6DF457CD36EF58D418A7D85609DD5C13]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanExe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\70488FBDD249B0248B716F170D735473]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\avcnstat.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\708BBA565B5B77D428DEAB44901D33BD]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVLang.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7203FB20A4D056940AEB679900B27CDA]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\74ABFB1C158B44F4588CB486AD5C770A]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVFix.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\76A5ADB7E7B771D4091441547B11125F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaCfgViewer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\787AC618B9CFAE443887377A1801A29B]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Heur.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\78B5DAFAA61827649BCDF16EFFF59144]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanDialer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\79555AA19119ABE478A797F1A01B21BB]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcadump.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7C609B2ACD2A59D4EBF0A7DDABAA3CAA]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\DiskCheck.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7E4D583130686EF4098904F9CACBD8CD]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ProfilesManager.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\7EB7C99F60D16334484E0C110C386BA2]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVQuarEx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\80F6B0D9EF52D014F9E3D6534F64B033]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVMenu.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\82782732ABF2C3B47BC9F699324593BC]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avtask2.messages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\869E0BE9D0D507442AFCF15E80E39C12]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanMlw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\86FA9EDC1101CB74AB9A1E1264E18352]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\en\main\sp_g.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\873905A471C9A764987382726E14AC0A]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\types\svp.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8C6FECDC9001D0A4F95D20AF32F54C5D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\BaseManager.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8EDCB363026056A459568A5198B8BA1D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\8EE6810633C19CC4994002FD78E13F83]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\filescan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\93E4F70850F514342A1E4B1D8AA6AE62]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVConvOb.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9440F252E20B72347BF199EDFAC2EC62]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaCoolka.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\955B4E63123CE304ABE2A2BBF934603C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\HTTPContent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9991089E41663274688B5161E3245BCA]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVObject.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\99ED5672BB737044AAF7FF30BC6B4DBE]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Decrypt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\9B76CB2DED700ED4DAB1257C32F94A6B]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanText.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A14983B7EA47379449A17029666F8CD2]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Bases\main\abasetr_f.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A240CB9152F8EE24983BBD0AAB536477]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avbackup.messages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A2B11E64813A4A7428CD8B74F2EA6EF0]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\facd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A5FC303948EE7644FB216E8FE2035388]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\avaspam.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A9C6980667E2FF54384C9E823E0C3CA6]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaRep.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AA26542D6FA6A534BB223A6667454136]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\opera\ArcaBitSkin.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AC6DFBA8CF15E034C8FEF653321221B9]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\avtransl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AD0753FF0A161AB409B51A959542A635]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanExploit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AD89436A4B714B348AB63F85DB00F1BB]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\AVArchOb.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B2C20955F68BEC848BCB4B9C93EAA539]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\HTTPRegx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B371078252B91734287B96B7EB685678]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaAgent\ArcaRemoteSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B3899415AD3DA9E42B7E98F6B22A8043]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaVirMaster.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B3D88E48DA05F714D90981DD7FC3CA00]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ssleay32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B440FB89C312A6E478E559F2772A4F1D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Patterns.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B4698B4FBE173D34B8A2360AF9E3793D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\arcabit.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B5127142BBDD44D4184276BD26D10C36]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaAux.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B5F04C7631B4D6B49A369774B77E63A9]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\FindMeta.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B7E915E200049E841A5876EF7A8B3079]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ABSender.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\BB61ED3A9451FB94995D787B77AA32FD]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\AVShell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\BF8AC24383595B14CAEB6625E0121747]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanAux.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C0362DCB6176CB54395F89E21C3B6397]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\abregmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C0503CCDBAF7CB843B0C466D7E526624]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\licntf.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C1FF9DD08BE980549BCF8BBA0A673F52]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ATestCmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C5B38E43689F8824DA011A7E2CE62A2D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaBackupBrowserPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CA2B814963AF80046B5E03A7CD7B7A2C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\localps.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CA88F2FFD617C4B4AB712B1D4EB46B67]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\abndis\abndis.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CC42B9A7482562140921EC3C735286D0]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF21E79DCF1A9CD488245DD10C2CFB37]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\HTTPContent.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF4D5DE5642033946BBBD9D19ADA8BDC]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaLang.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\CF4D79A096A91164E85BD67AA3B28C1D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\FWReports.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DB4FBADA353D53C439022B1ED5409C74]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ABM.AnswerWindow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DBC01B18263E94140BE0829E4E03767E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\pl\cfg\package.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DC72C692673390743A23B2726E34FC72]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaCmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DDCE1A8371E67D04CBD4B27159D83BD2]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\asres_en.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DDD738881D9F722498ED6AD8DEEE2632]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\ArcaFileManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DEA0A6C23746946419BC74FA01748EF5]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\freeedition\buttons\4b.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DFF394B0F9E863E48ACD6D93C8754A90]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Bases\abasea.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E88A3F7BD4F80F44F9AE1A7F3055A64F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E9473C6D2FEDF0847B88A144A7BB1C24]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF0C0AA7D3C5A6340981B7DC5DF8A873]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderDPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF1C1F47B35C4404C89CA0C5D16E1D3B]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanGeneric.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F32D950B8BC5B144AAA57C16888D0977]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Graph\2011\dialogs\ar.bmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F4977BF18EFBF904886430A4EB88AFE8]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\Cure.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F7E86E3115D1C814EAC97F056B2491C4]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\Engine\ScanEicar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F83B387C38EE04D4D9E9ABDAC9FF5E97]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\abmaster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F8E522721DF8247499BEB9B8461AEC65]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\FA5B17F975932A8428CD77210E780161]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaVir\arcavir.chm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties]
"DisplayName"="ArcaVir"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties]
"InstallLocation"="C:\APLIKACJE\arcaVir\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{D7824897-C8DC-49b4-B790-30F7ED16A5FD}"="ArcaVir Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}]
"DisplayName"="ArcaVir"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}]
"InstallLocation"="C:\APLIKACJE\arcaVir\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaVir]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaVir\ArcaVir]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Installer\Products\26E56EF9720D7F743BD2C8CA0620D657]
"ProductName"="ArcaVir"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ArcaVir]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module"

Searching for "ArcaBit"
[HKEY_CURRENT_USER\Software\ArcaBit]
[HKEY_CURRENT_USER\Software\ArcaBit\ArcaDump]
"LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\051AA24EDC5A9F04AB763C0936E57A0E]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\20D8D7E988A84654EBD22C73ED1BC81F]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaMail.AnswerWindow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\3565859EBA1F7BD41A80118D42B1673C]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBit.ArcaBackupBrowser.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\37713D5CC9EDF4D449A88B5AE1DCD0CC]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\524DF34A33D5BA34ABAE178C7DB37261]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinderAG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\82782732ABF2C3B47BC9F699324593BC]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avtask2.messages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\A240CB9152F8EE24983BBD0AAB536477]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\arcabit.avbackup.messages.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\AA26542D6FA6A534BB223A6667454136]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\opera\ArcaBitSkin.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\B4698B4FBE173D34B8A2360AF9E3793D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\WebExtensions\ff\chrome\content\arcabit.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\C5B38E43689F8824DA011A7E2CE62A2D]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ArcaBackupBrowserPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\DB4FBADA353D53C439022B1ED5409C74]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.ABM.AnswerWindow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\E9473C6D2FEDF0847B88A144A7BB1C24]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\ArcaTools\PatchFinder\ArcaBit.PatchFinder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\EF0C0AA7D3C5A6340981B7DC5DF8A873]
"26E56EF9720D7F743BD2C8CA0620D657"="C:\APLIKACJE\arcaVir\Common\ArcaBit.PatchFinderDPL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Components\F3FD5836088175A4C8D897D7C5485DEC]
"26E56EF9720D7F743BD2C8CA0620D657"="02:\SOFTWARE\ArcaBit\RootPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1214440339-1343024091-725345543-1004\Products\26E56EF9720D7F743BD2C8CA0620D657\InstallProperties]
"Publisher"="Arcabit Sp z o.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9FE65E62-D027-47F7-B32D-8CAC60026D75}]
"Publisher"="Arcabit Sp z o.o."
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaDump]
"LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml"

-= EOF =-
[/log]

4. Ostatni raport ze skanowania OTL:
[log]
OTL logfile created on: 2011-07-14 14:32:16 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 84,14% Memory free
5,34 Gb Paging File | 4,98 Gb Available in Paging File | 93,25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 70,62 Gb Free Space | 70,62% Space Free | Partition Type: NTFS
Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe
PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe
PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe
PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-02-06 12:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-04-14 12:43:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/?gl=PL&hl=pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M]

[2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions
[2011-07-14 14:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions
[2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) --
[2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-14 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011-07-14 14:09:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller
[2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10
[2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR
[2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt
[2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution
[2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-14 14:19:32 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2011-07-14 14:19:11 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-07-14 14:19:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-07-14 14:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-14 14:17:38 | 018,174,344 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-07-14 14:16:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk
[2011-07-14 14:16:38 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe
[2011-07-14 14:11:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk
[2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 22:23:54 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-14 14:16:44 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk
[2011-07-14 14:16:38 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe
[2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk
[2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat
[2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys
[2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc
[2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc
[2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-27 21:23:11 | 018,174,344 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica
[2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft
[2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics
[2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon
[2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit
[2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl
[2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik
[2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai
[2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent
[2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
[2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2011-07-14 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10
[2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica
[2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP
[2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb
[2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva
[2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo
[2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares
[2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10
[2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER
[2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software
[2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit
[2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea
[2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl
[2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM
[2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive
[2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik
[2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency
[2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai
[2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-07-14 14:18:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]


Folder z arcaVir jest usunięty za co dziękuję :) . Teraz pozostaje tylko pytanie czy już mogę instalować avasta? Czy zostało jeszcze coś z arcaVira co może przeszkadzać w prawidłowym działaniu innych programów?

wirusolog
komentarz
komentarz

Zostało bardzo dużo kluczy w rejestrze po ArcaVirze.
Spróbój zainstalować Avasta, jeżeli instalacja nie będzie szła, będę próbówał napisać skrypt usuwający wszystkie klucze w rejestrze.

Bando
komentarz
komentarz

Instalacja Avasta się powiodła i właśnie skanuje cały system.
Program anty-cheaterski , tak jak przypuszczałem teraz działa znakomicie.
Co ciekawe pojawił się na nowo prorgam arcaVir na liście w panelu sterowania.
Użyłem prorgamu Revo uninstaler i usunąłem wszystko (wpisy w rejestrze prawdopodobnie też) co jest związane z ArcaVirem.

Wykonałem też dla sprawdzenia czy to już na pewno wszystko skan OTL-em:
[log]
OTL logfile created on: 2011-07-14 15:13:38 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Wojtek\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,50 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 78,50% Memory free
5,34 Gb Paging File | 4,68 Gb Available in Paging File | 87,79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 70,48 Gb Free Space | 70,48% Space Free | Partition Type: NTFS
Drive D: | 66,44 Gb Total Space | 22,62 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Drive E: | 66,44 Gb Total Space | 66,26 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Computer Name: WOJTEKDOM | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
PRC - [2011-07-12 16:37:24 | 002,764,800 | ---- | M] (Turtle Entertainment GmbH) -- C:\APLIKACJE\EslWire\wire.exe
PRC - [2011-07-11 12:35:10 | 000,232,960 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\AvastUI.exe
PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\AvastSvc.exe
PRC - [2011-06-22 15:38:32 | 000,024,480 | ---- | M] () -- C:\APLIKACJE\EslWire\inGame32.exe
PRC - [2011-06-22 15:38:30 | 000,388,096 | ---- | M] () -- C:\APLIKACJE\EslWire\dbus-daemon.exe
PRC - [2011-06-01 15:15:30 | 000,537,184 | ---- | M] () -- C:\APLIKACJE\Gadu-Gadu 10\open-fm.exe
PRC - [2011-03-18 20:04:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\firefox.exe
PRC - [2011-03-18 20:04:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\APLIKACJE\Mozilla\plugin-container.exe
PRC - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) -- C:\APLIKACJE\Diskeeper\DkService.exe
PRC - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-05-30 22:26:57 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-21 12:14:30 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008-05-19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [emoteRegistry]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-09-03 09:52:22 | 016,841,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-07-14 10:29:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojtek\Pulpit\OTL.exe
MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\APLIKACJE\avast\snxhk.dll
MOD - [2011-06-22 15:38:30 | 000,447,904 | ---- | M] () -- C:\APLIKACJE\EslWire\inGame32.dll
MOD - [2011-01-21 16:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-12-20 19:32:08 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-07-11 12:35:10 | 000,232,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\APLIKACJE\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-10-01 22:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\APLIKACJE\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011-06-22 15:38:26 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011-01-15 20:24:39 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-10-24 13:47:26 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010-09-22 11:10:18 | 000,044,368 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010-04-27 21:25:32 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-28 12:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/?gl=PL&hl=pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\APLIKACJE\SubEdit-Player\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\APLIKACJE\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\APLIKACJE\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\APLIKACJE\avast\WebRep\FF [2011-07-14 15:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\APLIKACJE\Mozilla\components [2011-06-08 23:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\APLIKACJE\Mozilla\plugins [2011-06-08 23:26:57 | 000,000,000 | ---D | M]

[2010-04-27 22:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Extensions
[2011-07-14 14:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions
[2011-03-12 13:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN\Dane aplikacji\Mozilla\Firefox\Profiles\yzllpzxz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) --
[2010-04-28 13:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-23 12:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\APLIKACJE\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-04-28 13:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010-05-14 14:24:28 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\APLIKACJE\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [H/PC Connection Agent] File not found
O4 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005..\Run: [PPAP] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1214440339-1343024091-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.25.186.2 85.14.66.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-27 20:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell - "" = AutoRun
O33 - MountPoints2\{90b0d187-52f6-11df-8257-001fd06c7f42}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-07-14 15:03:38 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011-07-14 15:03:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011-07-14 15:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus
[2011-07-14 15:03:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-07-14 15:03:36 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-07-14 15:03:36 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011-07-14 15:03:36 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011-07-14 15:03:36 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011-07-14 15:03:35 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011-07-14 15:03:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-14 15:03:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011-07-14 15:03:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-07-14 15:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2011-07-14 14:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\ESL Wire Game Client
[2011-07-14 14:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011-07-14 14:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ESL Wire
[2011-07-14 14:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESL Wire
[2011-07-14 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011-07-14 14:09:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-14 08:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\Revo Uninstaller
[2011-07-14 08:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\.gstreamer-0.10
[2011-07-14 08:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-11 03:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\aTube Catcher
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Start\Programy\WinRAR
[2011-05-30 18:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\WinRAR
[2011-05-30 18:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011-05-28 22:16:55 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-05-28 22:14:50 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2011-05-23 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011-05-23 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011-05-23 21:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011-05-23 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011-05-23 21:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\cYo
[2011-05-22 22:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2011-05-22 22:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\CrashRpt
[2011-05-22 22:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2011-05-22 22:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\RapidSolution
[2010-05-26 21:04:39 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-07-14 15:03:38 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
[2011-07-14 15:03:36 | 000,002,635 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-07-14 14:52:48 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ESL Wire.lnk
[2011-07-14 14:51:26 | 000,205,398 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-07-14 14:51:17 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2011-07-14 14:19:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-07-14 14:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-14 14:17:38 | 018,174,344 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-07-14 14:16:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk
[2011-07-14 14:16:38 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe
[2011-07-14 14:11:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2011-07-14 08:32:02 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:18:42 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-07-14 06:58:25 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-14 01:21:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-07-12 00:58:58 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-07-11 12:35:10 | 000,232,960 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011-07-08 14:11:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-06 19:16:02 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper 2010.lnk
[2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011-07-04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011-07-04 13:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-07-04 13:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011-06-22 15:38:26 | 000,812,448 | ---- | M] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011-06-22 15:38:26 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) -- C:\WINDOWS\System32\drivers\ESLvnic.sys
[2011-06-20 10:25:26 | 001,211,698 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-06-20 10:25:26 | 000,556,014 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-06-20 10:25:26 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-20 10:25:26 | 000,105,170 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-06-20 10:25:26 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-11 03:16:07 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-08 23:28:47 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-05-25 09:43:36 | 000,069,680 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-05-23 21:10:04 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:10 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 21:49:43 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-14 15:03:38 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk
[2011-07-14 14:52:52 | 000,232,960 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011-07-14 14:52:48 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ESL Wire.lnk
[2011-07-14 14:16:44 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\AD-R.lnk
[2011-07-14 14:16:38 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\SystemLook.exe
[2011-07-14 08:32:02 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\Revo Uninstaller.lnk
[2011-07-14 08:15:51 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Pulpit\setup_av_free.exe
[2011-06-11 03:16:07 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Video Search.lnk
[2011-06-11 03:16:04 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\aTube Catcher.lnk
[2011-06-08 23:28:47 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-06-08 23:28:47 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-06-08 23:28:09 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-05-23 21:10:04 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Network Magic.lnk
[2011-05-23 21:10:04 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Network Magic.lnk
[2011-05-23 21:09:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi
[2011-05-22 23:01:50 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE648-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE647-5239-11DF-9D32-806D6172696F}.dat
[2011-04-09 19:42:35 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{485BE646-5239-11DF-9D32-806D6172696F}.dat
[2011-01-15 20:24:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-10-09 14:59:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-29 20:42:22 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-25 14:31:00 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2010-05-30 22:11:50 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-05-30 22:11:50 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys
[2010-05-30 22:11:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-05-30 22:11:33 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-05-30 22:10:22 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-05-26 22:51:21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\$_hpcst$.hpc
[2010-05-08 15:18:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ADMIN\Dane aplikacji\$_hpcst$.hpc
[2010-04-27 22:47:02 | 001,211,698 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-27 22:47:02 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-27 22:44:26 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-27 22:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-27 22:06:18 | 000,069,680 | ---- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-27 21:23:11 | 018,174,344 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-27 21:23:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-04-27 21:21:34 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010-04-27 20:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-27 20:55:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-04-27 20:54:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-04-27 20:54:29 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-04-27 20:53:25 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-04-27 20:53:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-04-27 20:53:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-04-27 20:52:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-04-27 20:52:31 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-11-16 18:33:38 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2008-10-21 12:14:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-10-21 12:14:30 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-10-21 12:14:30 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-21 12:14:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-10-21 12:14:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-10-21 12:14:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-21 12:14:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-10-21 12:14:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-10-21 12:14:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-10-21 12:14:30 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-06-05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2006-03-02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 14:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006-03-02 14:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 14:00:00 | 000,556,014 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 14:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006-03-02 14:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 14:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006-03-02 14:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006-03-02 14:00:00 | 000,105,170 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006-03-02 14:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006-03-02 14:00:00 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2006-03-02 14:00:00 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2006-03-02 14:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006-03-02 14:00:00 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 14:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006-03-02 14:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006-03-02 14:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2006-03-02 14:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006-03-02 14:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006-03-02 14:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006-03-02 14:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006-03-02 14:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006-03-02 14:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006-03-02 14:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 14:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006-03-02 14:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006-03-02 14:00:00 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2006-03-02 14:00:00 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2006-03-02 14:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006-03-02 14:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006-03-02 14:00:00 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2006-03-02 14:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006-03-02 14:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006-03-02 14:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006-03-02 14:00:00 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2006-03-02 14:00:00 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2006-03-02 14:00:00 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2006-03-02 14:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006-03-02 14:00:00 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2006-03-02 14:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2006-03-02 14:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006-03-02 14:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 14:00:00 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2006-03-02 14:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006-03-02 14:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 14:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006-03-02 14:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006-03-02 14:00:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2006-03-02 14:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2006-03-02 14:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-03-02 14:00:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 14:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006-03-02 14:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-05-02 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Acoustica
[2010-06-09 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\aHisoft
[2010-10-24 13:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Auslogics
[2010-12-01 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Canon
[2011-05-22 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\cYo
[2010-09-29 20:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\IObit
[2010-05-12 19:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\o2.pl
[2011-07-14 08:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\OpenFM
[2011-06-08 23:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\Spik
[2010-11-26 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\SteelSeries Xai
[2010-10-24 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Dane aplikacji\uTorrent
[2010-04-27 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2011-07-14 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2010-08-19 16:31:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2011-03-07 21:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
[2010-10-08 19:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2011-07-14 14:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESL Wire
[2010-04-28 21:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-04-17 22:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2010-09-29 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2011-07-14 14:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-06-03 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2011-05-22 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RapidSolution
[2010-08-11 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\Gadu-Gadu 10
[2010-05-02 23:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Acoustica
[2010-11-18 21:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\AIMP
[2010-10-01 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cacaoweb
[2010-06-25 14:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Conceiva
[2011-01-25 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\cYo
[2011-01-02 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Frogwares
[2010-04-28 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Gadu-Gadu 10
[2010-05-19 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\GHISLER
[2011-04-17 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\id Software
[2010-08-20 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\IObit
[2010-05-28 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Moyea
[2010-05-12 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\o2.pl
[2010-04-29 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\OpenFM
[2010-11-14 03:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\PPLive
[2010-08-27 18:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spik
[2010-08-20 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\Spy Emergency
[2010-11-26 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\SteelSeries Xai
[2011-07-13 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wojtek\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-27 21:21:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2006-03-02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-04-27 20:55:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-27 20:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-10-05 20:15:06 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-07-14 14:18:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006-03-02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2006-03-02 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006-03-02 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010-10-05 20:12:49 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006-03-02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006-03-02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006-03-02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006-03-02 14:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >
[/log]





Mam nadzieję że pozbyłem się tego niefortunnego programu raz na zawsze.
Jeśli tak nie jest , to mogę spodziewać się dalszych niespodzianek ze strony ArcaVira ? Czy śmieci w rejestrze są nieszkodliwe?
Dziękuję też za pomoc i czas poświęcony mojemu problemowi :)

wirusolog
komentarz
komentarz

No to wklej to samo w SystemLook co w poście #2, punkcie 4.
Pokaż raport.

Bando
komentarz
komentarz

Tutaj raport:
[log] SystemLook 04.09.10 by jpshortstuff
Log created at 16:24 on 14/07/2011 by ADMIN
Administrator - Elevation successful

========== filefind ==========

Searching for "arcaVir"
No files found.

Searching for "ArcaBit"
No files found.

========== regfind ==========

Searching for "arcaVir"
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit]
"RootPath"="C:\APLIKACJE\arcaVir\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\ADMIN\Menu Start\Programy\ArcaVir\"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\APLIKA~1\DISKEE~1\;C:\APLIKACJE\arcaVir\Common\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABConfSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaConfSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ABMainSV]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ArcaMainSV.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVBackup]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaTools\ArcaBackup\ArcaBackupService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVTasks2]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\Common\ArcaTasksService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVUpdate]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaUpdate\update.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ABTDI]
"EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;C:\APLIKACJE\arcaVir\ArcaVir\ABTDI.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_drv]
"ImagePath"="\??\C:\APLIKACJE\arcaVir\ArcaVir\ps_drv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50001:TCP"="50001:TCP:*:Enabled:ArcaVir CommunicationPort (S)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP"="50000:TCP:*:Enabled:ArcaVir CommunicationPort (A)"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit\ArcaVir]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit\ArcaVir\ArcaVir]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaVir\AVMenu.exe"="ArcaVir Tray Module"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaVir\ArcaAux.exe"="ArcaVir Aux Module"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\Common\hibernator.exe"="ArcaBit Hibernator Module"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaVir\licntf.exe"="ArcaVir LicNtf"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaVir\arcavir.exe"="ArcaVir Main Module"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\ArcaUpdate\exec\update_tmp.exe"="Update Module"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\arcaagent\arcaremotesvc.exe"="ArcaVir Control Module"

Searching for "ArcaBit"
[HKEY_CURRENT_USER\Software\ArcaBit]
[HKEY_CURRENT_USER\Software\ArcaBit\ArcaDump]
"LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\ArcaBit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\"="1"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1004\Software\ArcaBit\ArcaDump]
"LastDumpPath"="C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit\Logs\Arcadump\20110528-221627\raport.20110528-221627.xml"
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\ArcaBit]
[HKEY_USERS\S-1-5-21-1214440339-1343024091-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\APLIKACJE\arcaVir\Common\hibernator.exe"="ArcaBit Hibernator Module"

-= EOF =-
[/log]

wirusolog
komentarz
komentarz

Trochę kluczy zostało, ale nie daje ich do usuwania.

Uruchom OTL i wciśnij [b]Sprzątanie[/b] / w Ad-Remover wciśnij przycisk [b]UNINSTALL[/b].

To wszystko.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.