Mitgethar, posted 30 August 2011 (edited)

Hello. For about a week I have had a problem with Qooqle. Logs:

OTL: [log]OTL logfile created on: 2011-08-30 09:46:18 - Run 1 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,71% Memory free 4,24 Gb Paging File | 2,95 Gb Available in Paging File | 69,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 2,74 Gb Free Space | 4,01% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,14% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MY-PC | User Name: MY | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe PRC - [2011-08-27 14:42:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-08-25 16:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe PRC - [2011-08-25 16:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe PRC - [2011-08-09 20:55:50 | 009,118,208 | ---- | M] (Creative Team S.A.) -- D:\Programy\WapSter AQQ\AQQ.exe PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-08-27 14:42:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-08-10 22:00:08 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll MOD - [2011-08-10 21:00:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll MOD - [2011-08-10 21:00:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll MOD - [2011-08-10 21:00:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll MOD - [2011-08-10 20:59:58 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll MOD - [2011-08-10 20:59:00 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll MOD - [2011-08-10 13:57:02 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll MOD - [2011-07-18 12:02:10 | 000,577,536 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet1.dll MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2009-06-19 23:47:52 | 000,293,888 | ---- | M] () -- C:\Users\MY\WapSter\AQQ Folder\Profiles\Maciek\Plugins\SpellChecker.dll MOD - [2009-03-30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (WinService) SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606 IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program 
Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-27 14:42:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M] [2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions [2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions [2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml [2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-08-27 14:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - 
{2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [csrs] C:\ProgramData\csrs.exe (Created with WinAutomation (http://www.WinAutomation.com)) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [winloqon] C:\ProgramData\winloqon.exe (Created with WinAutomation (http://www.WinAutomation.com)) O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O4 - HKCU..\Run: [Raptr] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-08-30 09:42:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe [2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin [2011-08-26 09:21:45 | 000,000,000 | ---D | C] -- C:\Data [2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011-08-25 22:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011-08-25 22:50:15 | 000,630,784 | 
---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic [2011-08-25 16:17:10 | 000,339,968 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe [2011-08-25 16:17:10 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe [2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy [2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield [2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011-08-10 01:14:31 | 000,193,024 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\iepeers.dll [2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011-08-10 01:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh [2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares [2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe [2011-08-30 08:50:05 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-08-30 08:34:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-08-30 08:34:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-08-30 08:34:41 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-08-30 08:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-08-30 08:34:30 | 2144,948,224 | -HS- | M] () -- C:\hiberfil.sys [2011-08-30 08:32:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011-08-29 13:24:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011-08-29 13:24:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011-08-29 10:08:27 | 003,652,902 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0017.tif [2011-08-29 10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel [2011-08-29 10:05:46 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-08-29 10:05:46 | 
000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-08-29 10:05:46 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-08-29 10:05:46 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-08-28 21:53:12 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-27 23:33:58 | 004,574,595 | R--- | M] () -- C:\Users\MY\Desktop\Słoń - Love forever.mp3 [2011-08-25 16:17:09 | 006,855,168 | RHS- | M] () -- C:\Program Files\Common Files\svhost.exe [2011-08-25 16:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe [2011-08-25 16:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe [2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011-08-07 12:39:29 | 000,249,215 | ---- | M] () -- C:\Users\MY\Desktop\972e8029-2d51-4592-b1f3-1dd67db718df_item.apk [2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011-07-31 17:00:51 | 001,083,726 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0002.jpg [2011-07-31 16:59:01 | 001,174,043 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0001.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel [2011-08-29 10:06:44 | 003,652,902 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0017.tif [2011-08-27 23:33:40 | 004,574,595 | R--- | C] () -- C:\Users\MY\Desktop\Słoń - Love forever.mp3 [2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-08-25 
22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-08-25 16:17:10 | 006,855,168 | RHS- | C] () -- C:\Program Files\Common Files\svhost.exe [2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-07 12:39:28 | 000,249,215 | ---- | C] () -- C:\Users\MY\Desktop\972e8029-2d51-4592-b1f3-1dd67db718df_item.apk [2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-07-31 17:01:25 | 001,083,726 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0002.jpg [2011-07-31 16:59:13 | 001,174,043 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0001.jpg [2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3 [2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1 [2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0 [2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2 [2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011-04-25 11:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll [2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll [2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll [2011-01-23 15:57:27 | 000,000,016 | ---- | C] 
() -- C:\Windows\popcinfo.dat [2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat [2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll [2010-12-31 15:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat [2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat [2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- 
C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV < End of report > [/log] Extras: [log]OTL Extras logfile created on: 2011-08-30 09:46:18 - Run 1 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,71% Memory free 4,24 Gb Paging File | 2,95 Gb Available in Paging File | 69,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 2,74 Gb Free Space | 4,01% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,14% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MY-PC | User Name: MY | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system | "{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | "{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system | "{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | "{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | 
dir=in | app=d:\gry\game\league of legends.exe | "{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe | "{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system | "{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe | "{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe | "{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe | "{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe | "{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe | "{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe | "{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe | "TCP Query User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | 
app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe | "TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe | "TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe | "TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe | "TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query 
User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe | "TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe | "UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe | "UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe | "UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in 
| app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | "UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe | "UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic 
arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST 
PLANET COLONIES "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application 
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "BabylonToolbar" = Babylon toolbar "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0 "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "Combat Arms EU" = Combat Arms EU "conduitEngine" = Conduit Engine "CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Driver Cleaner" = Driver Cleaner 3 "Eurobattle.net1.24b" = Eurobattle.net "Football Manager 2011 Russian" = Football Manager 2011 Russian 
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full) "MahJong Suite_is1" = MahJong Suite 2009 v6.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl) "SopCast" = SopCast 3.3.2 "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Tunngle beta_is1" = Tunngle beta "UltraISO_is1" = UltraISO Premium V9.36 "Veetle TV" = Veetle TV 0.9.18 "vShare.tv plugin" = vShare.tv plugin 1.3 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = 
Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.0.3091, sygnatura czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f.

Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff Godzina zakończenia: 18

Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56.

Error - 2011-08-30 03:18:37 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji 6.0.0.4240 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: b40 Godzina rozpoczęcia: 01cc66e22ac22a76 Godzina zakończenia: 64

[ System Events ]
Error - 2011-08-25 10:21:15 | Computer Name = MY-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 16:19:54 na 2011-08-25 było nieoczekiwane.

Error - 2011-08-25 15:13:49 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-26 18:01:15 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-26 18:01:17 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-26 18:01:18 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-27 01:06:49 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-28 15:14:27 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 00:05:05 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.104 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 02:17:57 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 15:13:56 | Computer Name = MY-PC | Source = Dhcp | ID = 1002 Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.100 dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK). < End of report > [/log] RSIT: [log]Logfile of random's system information tool 1.09 (written by random/random) Run by MY at 2011-08-30 09:52:44 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 3 GB (4%) free of 70 GB Total RAM: 2047 MB (44% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:52:53, on 2011-08-30 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\ProgramData\csrs.exe C:\ProgramData\winloqon.exe D:\Programy\WapSter AQQ\AQQ.exe D:\Programy\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\MY\Desktop\RSIT.exe C:\Program Files\trend micro\MY.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - 
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [csrs] %ALLUSERSPROFILE%\csrs.exe
O4 - HKLM\..\Run: [svhost] %COMMONPROGRAMFILES%\svhost.exe
O4 - HKLM\..\Run: [winloqon] 
%ALLUSERSPROFILE%\winloqon.exe
O4 - HKCU\..\Run: [AQQ] D:\Programy\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programy\Tunngle\TnglCtrl.exe O23 - Service: WinService - Unknown owner - C:\Windows\help\svchost.exe (file missing) -- End of file - 8248 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default prefs.js - "browser.search.useDBForOrder" - true prefs.js - "browser.startup.homepage" - "google.com" prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2, cssreloader@kenneth.io:1.0.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10" prefs.js - "keyword.URL" - "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" "{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0] "Description"=npganymedenet "Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame] "Description"=Nexon Game Controller 1.0.0.1 "Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] "Description"=This plugin detects and launches Pando Media Booster "Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18] "Description"=Veetle TV Core "Path"=C:\Program Files\Veetle\plugins\npVeetle.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18] "Description"=Veetle TV Player "Path"=C:\Program Files\Veetle\Player\npvlc.dll C:\Program Files\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\plugins\ npdeployJava1.dll npganymedenet.dll npganymedenet.xpt nppdf32.dll npvsharetvplg.dll npwachk.dll C:\Program Files\Mozilla Firefox\searchplugins\ allegro-pl.xml babylon.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\ search.xml startsear.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - D:\Programy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in 
Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-12-09 3911776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712] {ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-12-09 3911776] {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000] {98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760] {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program 
Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-03 9726568] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] "csrs"=C:\ProgramData\csrs.exe [2011-08-25 339968] "svhost"=C:\Program Files\Common Files\svhost.exe [2011-08-25 6855168] "winloqon"=C:\ProgramData\winloqon.exe [2011-08-25 331776] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AQQ"=D:\Programy\WAPSTE~1\AQQ.exe [2011-08-09 9118208] "SpybotSD TeaTimer"=D:\Programy\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] "Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe --startup [] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup GameRanger.lnk - C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe OpenOffice.org 3.2.lnk - D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "VIDC.VP70"=vp7vfw.dll "VIDC.XVID"=xvidvfw.dll "VIDC.LAGS"=lagarith.dll "VIDC.YV12"=yv12vfw.dll "msacm.ac3acm"=ac3acm.acm "msacm.lameacm"=lameACM.acm "VIDC.FFDS"=ff_vfw.dll "vidc.iv41"=Ir41_32.ax "vidc.iv50"=Ir50_32.dll ======List of files/folders created in the last 1 month====== 2011-08-30 09:52:45 ----D---- C:\Program Files\trend micro 2011-08-30 09:52:44 ----D---- C:\rsit 2011-08-27 20:09:31 ----D---- C:\Program Files\vShare.tv plugin 2011-08-26 09:21:45 ----D---- C:\Data 2011-08-25 22:50:15 ----A---- C:\Windows\system32\yv12vfw.dll 2011-08-25 22:50:15 
----A---- C:\Windows\system32\xvidvfw.dll 2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidcore.dll 2011-08-25 22:50:15 ----A---- C:\Windows\system32\vp7vfw.dll 2011-08-25 22:50:15 ----A---- C:\Windows\system32\lagarith.dll 2011-08-25 22:50:15 ----A---- C:\Windows\avisplitter.ini 2011-08-25 22:50:14 ----A---- C:\Windows\system32\ff_vfw.dll 2011-08-25 22:50:12 ----D---- C:\Program Files\K-Lite Codec Pack 2011-08-25 16:25:05 ----D---- C:\Users\MY\AppData\Roaming\Media Player Classic 2011-08-25 16:17:10 ----RASH---- C:\ProgramData\winloqon.exe 2011-08-25 16:17:10 ----RASH---- C:\ProgramData\csrs.exe 2011-08-25 16:17:10 ----RASH---- C:\Program Files\Common Files\svhost.exe 2011-08-23 22:30:04 ----A---- C:\Windows\system32\tzres.dll 2011-08-16 21:24:51 ----D---- C:\Users\MY\AppData\Roaming\InstallShield 2011-08-10 01:14:35 ----A---- C:\Windows\system32\winsrv.dll 2011-08-10 01:14:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2011-08-10 01:14:32 ----A---- C:\Windows\system32\wininet.dll 2011-08-10 01:14:32 ----A---- C:\Windows\system32\urlmon.dll 2011-08-10 01:14:32 ----A---- C:\Windows\system32\url.dll 2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtmled.dll 2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtml.dll 2011-08-10 01:14:32 ----A---- C:\Windows\system32\iertutil.dll 2011-08-10 01:14:31 ----A---- C:\Windows\system32\mstime.dll 2011-08-10 01:14:31 ----A---- C:\Windows\system32\msfeeds.dll 2011-08-10 01:14:31 ----A---- C:\Windows\system32\iepeers.dll 2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieframe.dll 2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieapfltr.dll 2011-08-10 01:14:23 ----A---- C:\Windows\system32\xmllite.dll 2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntoskrnl.exe 2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntkrnlpa.exe 2011-08-10 01:14:16 ----A---- C:\Windows\system32\drivers\tcpip.sys ======List of files/folders modified in the last 1 month====== 2011-08-30 09:52:53 ----D---- C:\Windows\Prefetch 
2011-08-30 09:52:49 ----D---- C:\Windows\Temp 2011-08-30 09:52:45 ----RD---- C:\Program Files 2011-08-30 08:36:24 ----D---- C:\Windows\System32 2011-08-30 08:35:51 ----D---- C:\Windows\system32\Tasks 2011-08-30 08:18:28 ----SHD---- C:\System Volume Information 2011-08-29 13:21:36 ----D---- C:\Windows\Tasks 2011-08-29 10:05:46 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-08-29 10:05:45 ----D---- C:\Windows\inf 2011-08-27 14:42:28 ----D---- C:\Program Files\Mozilla Firefox 2011-08-27 00:02:30 ----SHD---- C:\$Recycle.Bin 2011-08-26 00:33:13 ----D---- C:\Users\MY\AppData\Roaming\Azureus 2011-08-25 22:50:15 ----D---- C:\Windows 2011-08-25 16:21:40 ----D---- C:\Windows\system32\catroot2 2011-08-25 16:17:10 ----HD---- C:\ProgramData 2011-08-25 16:17:10 ----D---- C:\Program Files\Common Files 2011-08-24 09:40:04 ----D---- C:\Windows\rescache 2011-08-24 09:28:33 ----D---- C:\Windows\winsxs 2011-08-24 09:28:32 ----D---- C:\Windows\system32\pl-PL 2011-08-23 22:27:20 ----D---- C:\Windows\system32\catroot 2011-08-21 23:09:19 ----D---- C:\Users\MY\AppData\Roaming\Skype 2011-08-16 21:30:18 ----RSD---- C:\Windows\assembly 2011-08-16 21:25:52 ----HD---- C:\Program Files\InstallShield Installation Information 2011-08-10 22:19:35 ----D---- C:\Windows\Microsoft.NET 2011-08-10 15:59:59 ----D---- C:\Windows\system32\drivers 2011-08-10 15:59:58 ----D---- C:\Program Files\Windows Mail 2011-08-10 13:57:36 ----A---- C:\Windows\system32\mrt.exe 2011-08-10 13:57:19 ----SHD---- C:\Windows\Installer 2011-08-10 13:57:18 ----HD---- C:\Config.Msi 2011-08-03 21:05:33 ----RD---- C:\Program Files\Skype 2011-08-03 21:05:16 ----D---- C:\ProgramData\Skype 2011-08-03 21:04:28 ----D---- C:\Users\MY\AppData\Roaming\skypePM 2011-07-31 16:59:17 ----D---- C:\Users\MY\AppData\Roaming\Image Zone Express ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288] R0 sptd;sptd; 
C:\Windows\System32\Drivers\sptd.sys [2010-12-31 691696] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Programy\UltraISO\drivers\ISODrive.sys [2010-01-29 82320] R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-03 3185640] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656] R3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 a622dt4t;a622dt4t; C:\Windows\system32\drivers\a622dt4t.sys [] S3 Dot4;Sterownik MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Sterownik klasy drukowania dla IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [] S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys 
[2008-01-19 6016] S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 TunngleService;TunngleService; D:\Programy\Tunngle\TnglCtrl.exe [2010-11-22 718072] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-08-15 2151640] S2 WinService;WinService; C:\Windows\help\svchost.exe configuration [] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176] 
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- [/log] INFO: [log]info.txt logfile of random's system information tool 1.09 2011-08-30 09:52:56 ======Uninstall list====== -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->D:\Programy\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Ad-Aware-->"C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001} Archiwizator WinRAR-->D:\Programy\WinaRAR\uninstall.exe Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} Babylon toolbar-->"C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe" Bejeweled 2 Deluxe 1.0-->D:\Gry\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "D:\Gry\PopCap Games\Bejeweled 2 Deluxe\Install.log" Cheat Engine 6.0-->"C:\Program Files\Cheat Engine 6\unins000.exe" Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall 
-dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746} Crysis® 2 Demo-->MsiExec.exe /X{1BF4CB15-6055-452A-8487-021AE2D91208} CS16 Full v32.1 Non-Steam-->D:\Gry\CS\Uninstal.exe DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Driver Cleaner 3-->C:\Program Files\Driver Cleaner\Uninst.exe Eurobattle.net-->"C:\Windows\Eurobattle.net\uninstall.exe" "/U:D:\Gry\Warcraft III\Uninstall\uninstall.xml" FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C} FlatOut2-->C:\Program Files\InstallShield Installation Information\{4EB106F5-110F-4E96-BCBA-1687AE57A04E}\setup.exe -runfromtemp -l0x0015 -removeonly Football Manager 2011 Russian-->"D:\Gry\FM11\Uninstall_Football Manager 2011 Russian\Uninstall Football Manager 2011 Russian.exe" GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe GIMP 2.6.10-->"D:\Programy\GIMP-2.0\setup\unins000.exe" Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.215\Installer\setup.exe" --uninstall --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart 
Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3} ImgBurn-->"D:\Programy\ImgBurn\uninstall.exe" Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0} Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF} K-Lite Codec Pack 7.6.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" League of Legends-->"C:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x040c -removeonly LOST PLANET COLONIES-->MsiExec.exe /X{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322} MahJong Suite 2009 v6.1-->"D:\Gry\MahJong Suite\unins000.exe" Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF} Microsoft Games for Windows 
Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Mozilla Firefox 6.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91045} NSIS Example2-->"D:\Gry\Tibia Auto\uninstall.exe" NVIDIA Sterownik graficzny 266.58-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9} Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe 
/package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED} SopCast 3.3.2-->D:\Programy\SopCast\uninst.exe Spybot - Search & Destroy-->"D:\Programy\Spybot - Search & Destroy\unins000.exe" SweetIM for Messenger 3.3-->MsiExec.exe /X{1D301950-EA2F-4882-9AA0-49467756842A} SweetIM Toolbar for Internet Explorer 3.9-->MsiExec.exe 
/X{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24} System Requirements Lab CYRI-->MsiExec.exe /I{1F77C418-2C90-459C-BD33-B56A4182B9FA} Tibia-->"D:\Gry\Tibia\unins000.exe" Total Video Converter 3.11 070908-->"D:\Programy\Total Video Converter\unins000.exe" Tunngle beta-->"D:\Programy\Tunngle\unins000.exe" UltraISO Premium V9.36-->"D:\Programy\UltraISO\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VDownloader 3.0.733-->"D:\Programy\VDownloader\unins000.exe" Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe Vuze Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNWISE.EXE /U C:\PROGRA~1\VUZE_R~1\INSTALL.LOG Vuze-->C:\Program Files\Vuze\uninstall.exe WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat Winamp-->"D:\Programy\Winamp\UninstWA.exe" Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe" ======Security center information====== AV: Lavasoft Ad-Watch Live! Anti-Virus (disabled) AS: Lavasoft Ad-Watch Live! (disabled) AS: Windows Defender ======System event log====== Computer Name: MY-PC Event Code: 4376 Message: Obsługa zażądała ponownego uruchomienia w celu ukończenia operacji nadawania pakietowi KB969947(Security Update) stanu Zainstalowany(Installed). 
Record Number: 81023 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210250.000000-000 Event Type: Ostrzeżenie User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-32_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested). Record Number: 81022 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210250.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4376 Message: Obsługa zażądała ponownego uruchomienia w celu ukończenia operacji nadawania pakietowi KB969947(Security Update) stanu Zainstalowany(Installed). Record Number: 81021 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210250.000000-000 Event Type: Ostrzeżenie User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-41_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested). Record Number: 81020 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210250.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-40_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested). Record Number: 81019 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210250.000000-000 Event Type: Informacje User: MY-PC\MY =====Application event log===== Computer Name: 26L2233B2-11 Event Code: 1003 Message: Usługa Windows Search została uruchomiona. 
Record Number: 5 Source Name: Microsoft-Windows-Search Time Written: 20101230221730.000000-000 Event Type: Informacje User: Computer Name: 26L2233B2-11 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20101230221729.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20101230221725.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 900 Message: Usługa licencjonowania oprogramowania jest uruchamiana. Record Number: 2 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20101230221724.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101230221724.000000-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM =====Security event log===== Computer Name: MY-PC Event Code: 5032 Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci. Kod błędu: 2 Record Number: 2573 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110108163051.357299-000 Event Type: Niepowodzenie inspekcji User: Computer Name: MY-PC Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 2572 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110108152942.183299-000 Event Type: Sukces inspekcji User: Computer Name: MY-PC Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: MY-PC$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x284 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. 
Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2571 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110108152942.183299-000 Event Type: Sukces inspekcji User: Computer Name: MY-PC Event Code: 4648 Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: MY-PC$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Konto, którego poświadczenia zostały użyte: Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Serwer docelowy: Nazwa serwera docelowego: localhost Informacje dodatkowe: localhost Informacje o procesie: Identyfikator procesu: 0x284 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Adres sieciowy: - Port: - To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS. Record Number: 2570 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110108152942.183299-000 Event Type: Sukces inspekcji User: Computer Name: MY-PC Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. 
Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 2569 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110108151452.168099-000 Event Type: Sukces inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0f02 "NUMBER_OF_PROCESSORS"=2 "configsetroot"=%SystemRoot%\ConfigSetRoot "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF----------------- [/log]
Guest commented 30 August 2011 (edited)
[b]1[/b]. Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:
[php]:Files
C:\ProgramData\csrs.exe
C:\ProgramData\winloqon.exe
C:\Program Files\Common Files\svhost.exe

:Services
WinService

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=18606
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
O4 - HKLM..\Run: [csrs] C:\ProgramData\csrs.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe ()
O4 - HKLM..\Run: [winloqon] C:\ProgramData\winloqon.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKCU..\Run: [Raptr] File not found
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE
@Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV

:Commands
[emptyflash]
[emptytemp][/php]
Click Wykonaj skrypt (Run Fix). Confirm the computer restart.
[b]2[/b]. Download Ad-remover [color="#0000FF"][b] [url="http://www.teamxscript.org/too/AD-R.exe"]CLICK[/url][/b][/color] and post the log from the SCAN option. Generate new OTL logs. 1
Mitgethar (Author) commented 30 August 2011
While you were replying to my post I was away from home; when I got back and turned the computer on, it no longer worked. At first it was only the browsers, with porn opening on the start page. The computer powers on normally. After the screen with the "Zapraszamy" (Welcome) message I see only a black screen and the mouse pointer, I don't see the desktop, and a "Not found" error pops up. I have Vista. What should I do in this case?!
Guest commented 30 August 2011
[quote]What should I do in this case?![/quote] Boot into Safe Mode ([b]F8[/b]). 1
Mitgethar (Author) commented 30 August 2011
When I start in Safe Mode as you instructed, the same thing happens: I have no desktop.
Guest commented 30 August 2011
From what I can see, you have access to another computer and to the internet. Download the ready-made OTLPE [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/[/url] Burn it to a CD and try to boot the computer from it. Read the topic carefully. If that works, you will need a USB flash drive to hand over the logs you are asked to produce. 1
Mitgethar (Author) commented 30 August 2011
Yes, I'm on a laptop right now. I have a question: can it be an RW disc? I don't have any others at the moment.
Mitgethar (Author) commented 30 August 2011 (edited)
It worked! Here is the OTL log:
[log] OTL logfile created on: 8/31/2011 12:39:55 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68.36 Gb Total Space | 4.54 Gb Free Space | 6.64% Space Free | Partition Type: NTFS Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto] -- -- (WinService) SRV - File not found [Auto] -- -- (TunngleService) SRV - File not found [On_Demand] -- -- (NBService) SRV - [2011/08/15 09:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll
-- (WcesComm) SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [File_System | System] -- -- (ISODrive) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt) DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/12/31 08:49:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009/09/16 02:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1 IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606 IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/ IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\MY_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\MY_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) 
IE - HKU\MY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program 
Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/27 08:42:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 14:09:31 | 000,000,000 | ---D | M] [2010/12/30 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Extensions [2011/08/25 10:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\extensions [2011/08/30 02:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml [2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml [2011/08/03 15:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/03 15:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/01/09 13:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/01/02 10:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/14 01:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/27 05:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/03 04:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/08/27 08:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/11/24 06:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011/06/09 07:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/01/01 04:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011/05/23 06:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010/01/01 04:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010/01/01 04:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010/01/01 04:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010/01/01 04:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010/01/01 04:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 
- BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [csrs] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [services.exe] C:\Windows\System32\services.exe.exe () O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [winloqon] File not found O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\MY_ON_C..\Run: [AQQ] File not found O4 - HKU\MY_ON_C..\Run: [Raptr] File not found O4 - HKU\MY_ON_C..\Run: [SpybotSD TeaTimer] File not found O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = File not found O4 - Startup: 
C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe () O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6 [2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6 [2011/08/30 04:56:17 | 000,000,000 | -H-D | C] -- C:\host [2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER [2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6 [2011/08/30 04:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6 [2011/08/30 03:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011/08/30 03:52:44 | 000,000,000 
| ---D | C] -- C:\rsit [2011/08/27 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin [2011/08/26 03:21:45 | 000,000,000 | ---D | C] -- C:\Data [2011/08/25 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011/08/25 16:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011/08/25 16:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011/08/25 16:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011/08/25 16:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011/08/25 16:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011/08/25 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011/08/25 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic [2011/08/25 10:17:10 | 000,339,968 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe [2011/08/25 10:17:10 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe [2011/08/23 16:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/08/22 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy [2011/08/16 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011/08/16 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield [2011/08/09 19:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011/08/09 19:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/08/09 19:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/08/09 19:14:31 | 000,671,232 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\mstime.dll [2011/08/09 19:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/08/09 19:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/08/09 19:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/08/09 19:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/08/09 19:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/08/09 19:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/08/07 13:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh [2011/08/03 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares [2011/08/03 15:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011/08/03 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/08/30 17:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/08/30 17:16:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011/08/30 15:43:52 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/08/30 15:43:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/30 15:43:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/30 15:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011/08/30 07:50:03 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/08/30 05:37:25 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011/08/30 
05:37:25 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/08/30 05:37:25 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011/08/30 05:37:25 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/08/30 05:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/30 05:03:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia [2011/08/30 05:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini [2011/08/29 07:24:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/08/29 07:24:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/08/25 16:50:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011/08/25 10:17:09 | 006,855,168 | RHS- | M] () -- C:\Program Files\Common Files\svhost.exe [2011/08/25 10:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe [2011/08/25 10:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe [2011/08/23 16:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011/08/16 15:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011/08/16 15:25:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011/08/08 04:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011/08/08 04:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011/08/03 15:30:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011/08/03 15:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/08/03 15:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 
[color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/08/30 15:44:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011/08/30 04:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini [2011/08/30 04:56:39 | 000,663,697 | ---- | C] () -- C:\Windows\System32\services.exe.exe [2011/08/25 16:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011/08/25 16:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/08/25 16:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011/08/25 16:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/08/25 16:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/08/25 10:17:10 | 006,855,168 | RHS- | C] () -- C:\Program Files\Common Files\svhost.exe [2011/08/23 16:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011/08/16 15:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011/08/03 15:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011/07/23 07:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3 [2011/07/19 15:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1 [2011/07/19 08:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0 [2011/07/19 08:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2 [2011/04/25 05:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/04/25 05:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/04/13 15:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll [2011/04/13 15:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll [2011/04/13 15:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- 
C:\Windows\System32\xlive.dll.cat [2011/03/27 06:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll [2011/01/23 09:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011/01/23 05:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/01/22 04:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/01/22 04:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/01/12 18:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011/01/09 16:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat [2011/01/05 10:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/04 03:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011/01/01 11:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011/01/01 10:53:50 | 000,000,085 | ---- | C] () -- C:\Users\MY\AppData\default.pls [2010/12/31 13:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll [2010/12/31 09:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat [2010/12/31 07:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/31 05:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat [2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe [2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe [2010/02/04 05:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe [2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007/02/28 19:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006/12/05 01:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006/12/05 01:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006/12/05 01:22:06 | 000,130,310 | ---- | C] () -- 
C:\Windows\System32\perfc015.dat [2006/12/05 01:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\app [2011/08/25 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Azureus [2011/01/01 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\DAEMON Tools Lite [2011/07/21 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus 2 [2011/07/19 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/23 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/19 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 
[2011/08/30 04:53:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\EurekaLog [2011/05/23 06:17:32 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GameRanger [2011/02/05 08:24:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GanymedeNet [2011/03/05 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\gtk-2.0 [2011/07/31 10:59:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Image Zone Express [2011/03/04 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\ImgBurn [2011/03/19 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Leadertech [2011/03/18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\LolClient [2011/01/14 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\MahJong Suite [2011/01/09 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\OpenOffice.org [2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PlayerPlug [2011/01/04 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Printer Info Cache [2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PropMgrAsync [2011/02/12 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Raptr [2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/01/02 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Sports Interactive [2011/03/14 06:02:57 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\sqlitestudio [2011/06/17 05:06:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tibia [2011/01/12 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tunngle [2011/03/31 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\VDownloader [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/12/31 08:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite 
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dane aplikacji [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumenty [2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Start [2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon [2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU [2011/03/18 10:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2011/01/23 09:56:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Pulpit [2011/01/02 08:48:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/06/27 01:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Szablony [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/01/14 15:19:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TreeCardGames [2011/01/12 15:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Ulubione [2010/12/31 06:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011/08/30 17:16:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011/08/30 15:32:58 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] 
@Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV < End of report > [/log]
Guest, commented 30 August 2011 (edited)
[quote]It worked![/quote] You managed to get into the system. The infection has not been removed; how could it have been? Now copy the script I gave you into Notepad and save it on a USB stick as Skrypt.txt. Plug the USB stick into the infected computer and paste the contents of the script into the OTL window, then click "run script". The infection will then be removed.
Mitgethar (Author), commented 30 August 2011
Done. Here is the Fixlog: [log] ========== FILES ========== C:\ProgramData\csrs.exe moved successfully. C:\ProgramData\winloqon.exe moved successfully. C:\Program Files\Common Files\svhost.exe moved successfully. ========== SERVICES/DRIVERS ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinService deleted successfully. ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully. C:\Program Files\Vuze_Remote\tbVuze.dll moved successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Program Files\Vuze_Remote\tbVuze.dll not found. Prefs.js: "qooqlle" removed from browser.search.selectedEngine Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\csrs deleted successfully. File C:\ProgramData\csrs.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svhost deleted successfully. File C:\Program Files\Common Files\svhost.exe not found. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winloqon deleted successfully. File C:\ProgramData\winloqon.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Raptr deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found. File K:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found. File L:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found. File L:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found. File L:\EXPLORER.EXE not found. ADS C:\Users\MY\Desktop\ABS.avi:TOC.WMV deleted successfully. 
========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MY ->Temp folder emptied: 447349513 bytes ->Temporary Internet Files folder emptied: 152942193 bytes ->Java cache emptied: 680043 bytes ->FireFox cache emptied: 45354695 bytes ->Google Chrome cache emptied: 32105704 bytes ->Flash cache emptied: 147191 bytes User: Public Total Flash Files Cleaned = 647.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 166981529 bytes Total Files Cleaned = 159.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 08312011_022846 [/log]
Guest, commented 30 August 2011
Run one more small corrective script.
[php]:Files
C:\host
C:\Windows\System32\services.exe.exe[/php]
Once you have run this script, try to start Windows normally.
Mitgethar (Author), commented 31 August 2011
Unfortunately, the problem is the same: I have no desktop, and the same thing happens as at the beginning.
Guest, commented 31 August 2011
Make new logs with OTLPE. Set everything as in the picture [url="http://imageshack.us/photo/my-images/51/tl2p.png/"]http://imageshack.us/photo/my-images/51/tl2p.png/[/url]; the [b]Extra Registry[/b] option must be checked as well. Do you have a Vista disc?
Mitgethar (Author), commented 31 August 2011 (edited)
I have a Vista disc. Logs: [log] OTL logfile created on: 8/31/2011 1:09:45 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68.36 Gb Total Space | 3.36 Gb Free Space | 4.92% Space Free | Partition Type: NTFS Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto] -- -- (TunngleService) SRV - File not found [On_Demand] -- -- (NBService) SRV - [2011/08/15 09:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 03:36:15 | 
000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [File_System | System] -- -- (ISODrive) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt) DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/12/31 08:49:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009/09/16 02:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://startsear.ch/?aff=1"]http://startsear.ch/?aff=1[/url] IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\MY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF 
- prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/27 08:42:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 14:09:31 | 000,000,000 | ---D | M] [2010/12/30 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Extensions [2011/08/25 10:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\extensions [2011/08/30 02:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml [2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml [2011/08/03 15:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/03 15:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/01/09 13:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/01/02 10:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/14 01:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/27 05:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/03 04:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/08/27 08:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/11/24 06:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011/06/09 07:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/01/01 04:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011/05/23 06:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010/01/01 04:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010/01/01 04:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010/01/01 04:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010/01/01 04:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010/01/01 04:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 
- BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [services.exe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\MY_ON_C..\Run: [AQQ] File not found
O4 - HKU\MY_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = File not found
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/08/31 02:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6
[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6
[2011/08/30 04:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6
[2011/08/30 03:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/30 03:52:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/27 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/08/26 03:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011/08/25 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/25 16:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011/08/25 16:50:15 | 000,630,784 | ---- | C] (On2.com)
-- C:\Windows\System32\vp7vfw.dll [2011/08/25 16:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011/08/25 16:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011/08/25 16:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011/08/25 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011/08/25 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic [2011/08/23 16:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/08/22 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy [2011/08/16 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011/08/16 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield [2011/08/09 19:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011/08/09 19:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/08/09 19:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/08/09 19:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/08/09 19:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/08/09 19:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/08/09 19:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/08/09 19:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/08/09 19:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/08/09 19:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/08/07 13:48:36 | 000,000,000 | 
---D | C] -- C:\Users\MY\Desktop\bhh [2011/08/03 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares [2011/08/03 15:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011/08/03 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/08/31 00:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/08/31 00:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/08/31 00:49:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011/08/31 00:49:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/31 00:49:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/31 00:49:05 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/08/31 00:48:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/08/31 00:48:55 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2011/08/30 07:50:03 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/08/30 05:37:25 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011/08/30 05:37:25 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/08/30 05:37:25 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011/08/30 05:37:25 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/08/30 05:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/30 05:03:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia [2011/08/30 05:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini [2011/08/25 16:50:21 | 
000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011/08/23 16:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011/08/16 15:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011/08/16 15:25:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011/08/08 04:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011/08/08 04:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011/08/03 15:30:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011/08/03 15:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/08/03 15:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/08/31 00:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys [2011/08/30 04:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini [2011/08/25 16:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011/08/25 16:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/08/25 16:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011/08/25 16:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/08/25 16:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/08/23 16:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011/08/16 15:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011/08/03 15:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011/07/23 07:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3 [2011/07/19 15:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1 [2011/07/19 
08:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0 [2011/07/19 08:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2 [2011/04/25 05:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/04/25 05:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/04/13 15:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll [2011/04/13 15:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll [2011/04/13 15:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/03/27 06:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll [2011/01/23 09:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011/01/23 05:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/01/22 04:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/01/22 04:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/01/12 18:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011/01/09 16:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat [2011/01/05 10:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/04 03:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011/01/01 11:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011/01/01 10:53:50 | 000,000,085 | ---- | C] () -- C:\Users\MY\AppData\default.pls [2010/12/31 13:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll [2010/12/31 09:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat [2010/12/31 07:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/31 05:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat 
[2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe [2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe [2010/02/04 05:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe [2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007/02/28 19:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006/12/05 01:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006/12/05 01:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006/12/05 01:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006/12/05 01:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\app [2011/08/25 18:33:13 
| 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Azureus [2011/01/01 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\DAEMON Tools Lite [2011/07/21 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus 2 [2011/07/19 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/23 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/07/19 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/08/30 04:53:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\EurekaLog [2011/05/23 06:17:32 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GameRanger [2011/02/05 08:24:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GanymedeNet [2011/03/05 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\gtk-2.0 [2011/07/31 10:59:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Image Zone Express [2011/03/04 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\ImgBurn [2011/03/19 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Leadertech [2011/03/18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\LolClient [2011/01/14 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\MahJong Suite [2011/01/09 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\OpenOffice.org [2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PlayerPlug [2011/01/04 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Printer Info Cache [2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PropMgrAsync [2011/02/12 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Raptr [2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- 
C:\Users\MY\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/01/02 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Sports Interactive [2011/03/14 06:02:57 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\sqlitestudio [2011/06/17 05:06:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tibia [2011/01/12 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tunngle [2011/03/31 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\VDownloader [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/12/31 08:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dane aplikacji [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumenty [2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core [2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Start [2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon [2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU [2011/03/18 10:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2011/01/23 09:56:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Pulpit [2011/01/02 08:48:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/06/27 01:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Szablony [2006/11/02 09:02:04 | 
000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/01/14 15:19:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TreeCardGames [2011/01/12 15:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle [2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Ulubione [2010/12/31 06:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011/08/31 00:49:46 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log]OTL Extras logfile created on: 8/31/2011 1:09:45 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68.36 Gb Total Space | 3.36 Gb Free Space | 4.92% Space Free | Partition Type: NTFS Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- 
C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "BabylonToolbar" = Babylon toolbar "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0 "BicTrainer pod 7.6" = BicTrainer pod 7.6 "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "Combat Arms EU" = Combat Arms EU "conduitEngine" = Conduit Engine "CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Driver Cleaner" = Driver Cleaner 3 "Eurobattle.net1.24b" = Eurobattle.net "Football Manager 2011 Russian" = Football Manager 2011 Russian "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ImgBurn" = 
ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full) "MahJong Suite_is1" = MahJong Suite 2009 v6.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl) "Mpa Bot pod 7.6" = Mpa Bot pod 7.6 "SopCast" = SopCast 3.3.2 "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia 7.6 "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Tunngle beta_is1" = Tunngle beta "UltraISO_is1" = UltraISO Premium V9.36 "Veetle TV" = Veetle TV 0.9.18 "vShare.tv plugin" = vShare.tv plugin 1.3 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\MY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa < End of report > [/log]
Guest, comment posted 31 August 2011

A bit of cosmetic cleanup that probably won't have any effect. Run the following script in OTL:

[php]:OTL
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe ()[/php]
Mitgethar (author), comment posted 31 August 2011

Fix log:

[log]========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\services.exe deleted successfully.
C:\RECYCLER\services.exe moved successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 08312011_140416
[/log]
Guest, comment posted 31 August 2011

I sent you a private message with what you need to do. If you have a Vista disc, boot the computer from it and run a system repair.
Mitgethar (author), comment posted 31 August 2011

The computer is working, everything runs nicely. To be sure, I'll paste the logs taken after the system recovery here:

OTL: [log]OTL logfile created on: 2011-08-31 11:56:29 - Run 2 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,32% Memory free 4,25 Gb Paging File | 2,99 Gb Available in Paging File | 70,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 6,80 Gb Free Space | 9,95% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS Computer Name: MY-PC | User Name: MY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\Programy\OTL(2).exe PRC - [2011-08-27 14:42:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-08-15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011-08-09 20:55:50 | 009,118,208 | ---- | M] (Creative Team S.A.)
-- D:\Programy\WapSter AQQ\AQQ.exe PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe PRC - [2010-11-07 11:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-08-27 14:42:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-07-18 12:02:10 | 000,577,536 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet1.dll MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2009-06-19 23:47:52 | 000,293,888 | ---- | M] () -- C:\Users\MY\WapSter\AQQ Folder\Profiles\Maciek\Plugins\SpellChecker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- 
(Lavasoft Ad-Aware Service) SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program 
Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-27 14:42:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M] [2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions [2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions [2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml [2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-08-27 14:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - 
{2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [services.exe] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.) O4 - HKCU..\Run: [Raptr] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-08-31 08:28:46 | 000,000,000 | ---D | C] -- C:\_OTL [2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6 [2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6 [2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER [2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6 [2011-08-30 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6 [2011-08-30 09:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-08-30 09:52:44 | 000,000,000 | ---D | C] -- C:\rsit [2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin [2011-08-26 09:21:45 | 000,000,000 | ---D | C] -- C:\Data [2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011-08-25 22:50:15 | 000,839,680 | ---- | 
C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011-08-25 22:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic [2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy [2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield [2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011-08-10 01:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011-08-10 01:14:18 | 
003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh [2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares [2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-08-31 14:51:29 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-08-31 14:42:56 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-08-31 14:42:54 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-08-31 14:42:54 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-08-31 14:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-08-31 14:42:46 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2011-08-31 14:41:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011-08-31 14:33:05 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-08-31 14:33:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-08-31 14:33:05 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-08-31 14:33:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-08-31 06:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011-08-31 06:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011-08-30 11:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-30 11:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini [2011-08-29 
10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel [2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-08-31 06:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys [2011-08-30 10:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini [2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel [2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-08-25 22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3 [2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1 [2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0 [2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2 [2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011-04-25 11:19:53 | 
000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll [2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll [2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll [2011-01-23 15:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat [2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll [2010-12-31 15:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat [2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat [2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe [2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe [2010-02-04 11:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe [2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007-03-01 01:41:30 | 
000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
[/log]

Extras

[log]OTL Extras logfile created on: 2011-08-31 12:03:43 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 26,79% Memory free
4,25 Gb Paging File | 2,66 Gb Available in Paging File | 62,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,79 Gb Free Space | 9,94% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher |
"{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher |
"{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | dir=in | app=d:\gry\game\league of legends.exe | "{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe | "{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system | "{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe | "{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe | "{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe | "{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe | "{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe | "{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | 
dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe | "{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe | "TCP Query 
User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe | "TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe | "TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe | "TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | 
app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe | "TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe | "TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe | "UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe | "UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 
8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe | "UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | "UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited 
familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe | "UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = 
VDownloader 3.0.733 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe 
Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "BabylonToolbar" = Babylon toolbar "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0 "BicTrainer pod 7.6" = BicTrainer pod 7.6 "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "Combat Arms EU" = Combat Arms EU "conduitEngine" = Conduit Engine "CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Driver Cleaner" = Driver Cleaner 3 "Eurobattle.net1.24b" = Eurobattle.net "Football Manager 2011 Russian" = Football Manager 2011 Russian "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full) "MahJong Suite_is1" = MahJong Suite 2009 v6.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl) "Mpa Bot pod 7.6" = Mpa Bot pod 7.6 "SopCast" = SopCast 3.3.2 "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia 7.6 "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Tunngle beta_is1" = Tunngle beta "UltraISO_is1" = UltraISO Premium V9.36 "Veetle TV" = Veetle TV 0.9.18 "vShare.tv plugin" = vShare.tv plugin 1.3 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinPcapInst" = WinPcap 4.1.1 
"WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.0.3091, sygnatura czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f. Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002 Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff Godzina zakończenia: 18

Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56.

[ System Events ]
Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-30 17:16:51 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-31 08:27:12 | Computer Name = MY-PC | Source = sptd | ID = 262148
Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error - 2011-08-31 08:28:21 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-31 08:30:15 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =

< End of report >
[/log]

Log:

[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by MY at 2011-08-31 12:00:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (10%) free of 70 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:32, on 2011-08-31
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Programy\WapSter AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\MY\Desktop\Programy\OTL(2).exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MY\Desktop\Programy\RSIT.exe
C:\Program Files\trend micro\MY.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [services.exe] C:\Windows\system32\services.exe.exe
O4 - HKCU\..\Run: [AQQ] D:\Programy\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programy\Tunngle\TnglCtrl.exe

--
End of file - 8018 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "google.com"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2, cssreloader@kenneth.io:1.0.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0]
"Description"=npganymedenet
"Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npganymedenet.dll
npganymedenet.xpt
nppdf32.dll
npvsharetvplg.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
babylon.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\
search.xml
startsear.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-03 9726568]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"services.exe"=C:\Windows\system32\services.exe [2009-04-11 279552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AQQ"=D:\Programy\WAPSTE~1\AQQ.exe [2011-08-09 9118208]
"SpybotSD TeaTimer"=D:\Programy\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe --startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe [2011-04-08 235168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GameRanger.lnk - C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
OpenOffice.org 3.2.lnk - D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.iv41"=Ir41_32.ax
"vidc.iv50"=Ir50_32.dll

======List of files/folders created in the last 1 month======

2011-08-31 19:12:56 ----A---- C:\Extras.Txt
2011-08-31 08:28:46 ----D---- C:\_OTL
2011-08-31 06:48:55 ----ASH---- C:\hiberfil.sys
2011-08-31 06:43:20 ----A---- C:\OTL.Txt
2011-08-30 21:26:26 ----A---- C:\Windows\ntbtlog.txt
2011-08-30 10:57:03 ----A---- C:\Windows\system32\tcfg.ini
2011-08-30 10:57:01 ----D---- C:\Program Files\BicTrainer 7.6
2011-08-30 10:56:17 ----D---- C:\RECYCLER
2011-08-30 10:56:16 ----D---- C:\Program Files\Mpa bot 7.6
2011-08-30 09:52:45 ----D---- C:\Program Files\trend micro
2011-08-30 09:52:44 ----D---- C:\rsit
2011-08-27 20:09:31 ----D---- C:\Program Files\vShare.tv plugin
2011-08-26 09:21:45 ----D---- C:\Data
2011-08-25 22:50:15 ----A---- C:\Windows\system32\yv12vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidvfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidcore.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\vp7vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\lagarith.dll
2011-08-25 22:50:15 ----A---- C:\Windows\avisplitter.ini
2011-08-25 22:50:14 ----A---- C:\Windows\system32\ff_vfw.dll
2011-08-25 22:50:12 ----D---- C:\Program Files\K-Lite Codec Pack
2011-08-25 16:25:05 ----D---- C:\Users\MY\AppData\Roaming\Media Player Classic
2011-08-23 22:30:04 ----A---- C:\Windows\system32\tzres.dll
2011-08-16 21:24:51 ----D---- C:\Users\MY\AppData\Roaming\InstallShield
2011-08-10 01:14:35 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 01:14:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 01:14:32 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\url.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-10 01:14:23 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 01:14:16 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-08-31 14:43:15 ----D---- C:\Windows\system32\Tasks
2011-08-31 14:33:05 ----D---- C:\Windows\System32
2011-08-31 14:33:05 ----D---- C:\Windows\inf
2011-08-31 14:33:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-31 14:28:23 ----D---- C:\Windows\Tasks
2011-08-31 12:00:32 ----D---- C:\Windows\Temp
2011-08-31 12:00:25 ----D---- C:\Windows\Prefetch
2011-08-31 08:28:48 ----D---- C:\Program Files\Vuze_Remote
2011-08-31 08:28:46 ----HD---- C:\ProgramData
2011-08-31 08:28:46 ----D---- C:\Program Files\Common Files
2011-08-30 21:26:26 ----D---- C:\Windows
2011-08-30 10:57:01 ----RD---- C:\Program Files
2011-08-30 10:53:37 ----D---- C:\Users\MY\AppData\Roaming\EurekaLog
2011-08-30 08:18:28 ----SHD---- C:\System Volume Information
2011-08-27 14:42:28 ----D---- C:\Program Files\Mozilla Firefox
2011-08-27 00:02:30 ----SHD---- C:\$Recycle.Bin
2011-08-26 00:33:13 ----D---- C:\Users\MY\AppData\Roaming\Azureus
2011-08-25 16:21:40 ----D---- C:\Windows\system32\catroot2
2011-08-24 09:40:04 ----D---- C:\Windows\rescache
2011-08-24 09:28:33 ----D---- C:\Windows\winsxs
2011-08-24 09:28:32 ----D---- C:\Windows\system32\pl-PL
2011-08-23 22:27:20 ----D---- C:\Windows\system32\catroot
2011-08-21 23:09:19 ----D---- C:\Users\MY\AppData\Roaming\Skype
2011-08-16 21:30:18 ----RSD---- C:\Windows\assembly
2011-08-16 21:25:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-10 22:19:35 ----D---- C:\Windows\Microsoft.NET
2011-08-10 15:59:59 ----D---- C:\Windows\system32\drivers
2011-08-10 15:59:58 ----D---- C:\Program Files\Windows Mail
2011-08-10 13:57:36 ----A---- C:\Windows\system32\mrt.exe
2011-08-10 13:57:19 ----SHD---- C:\Windows\Installer
2011-08-10 13:57:18 ----HD---- C:\Config.Msi
2011-08-03 21:05:33 ----RD---- C:\Program Files\Skype
2011-08-03 21:05:16 ----D---- C:\ProgramData\Skype
2011-08-03 21:04:28 ----D---- C:\Users\MY\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-31 691696]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Programy\UltraISO\drivers\ISODrive.sys [2010-01-29 82320]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-03 3185640]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 argu8fop;argu8fop; C:\Windows\system32\drivers\argu8fop.sys []
S3 Dot4;Sterownik MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Sterownik klasy drukowania dla IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-08-15 2151640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 TunngleService;TunngleService; D:\Programy\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
[/log]

Info:
[log]info.txt logfile of random's system information tool 1.09 2011-08-31 12:00:33

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Programy\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->"C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->D:\Programy\WinaRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Babylon toolbar-->"C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe"
Bejeweled 2 Deluxe 1.0-->D:\Gry\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "D:\Gry\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BicTrainer pod 7.6-->C:\Program Files\BicTrainer 7.6\uninstall.exe
Cheat Engine 6.0-->"C:\Program Files\Cheat Engine 6\unins000.exe"
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Crysis® 2 Demo-->MsiExec.exe /X{1BF4CB15-6055-452A-8487-021AE2D91208}
CS16 Full v32.1 Non-Steam-->D:\Gry\CS\Uninstal.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Driver Cleaner 3-->C:\Program Files\Driver Cleaner\Uninst.exe
Eurobattle.net-->"C:\Windows\Eurobattle.net\uninstall.exe" "/U:D:\Gry\Warcraft III\Uninstall\uninstall.xml"
FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
FlatOut2-->C:\Program Files\InstallShield Installation Information\{4EB106F5-110F-4E96-BCBA-1687AE57A04E}\setup.exe -runfromtemp -l0x0015 -removeonly
Football Manager 2011 Russian-->"D:\Gry\FM11\Uninstall_Football Manager 2011 Russian\Uninstall Football Manager 2011 Russian.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
GIMP 2.6.10-->"D:\Programy\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.218\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn-->"D:\Programy\ImgBurn\uninstall.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
K-Lite Codec Pack 7.6.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x040c -removeonly
LOST PLANET COLONIES-->MsiExec.exe /X{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}
MahJong Suite 2009 v6.1-->"D:\Gry\MahJong Suite\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 6.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpa Bot pod 7.6-->E:\Gry\Tibia\Mpa Bot pod 7.6\uninstall.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91045}
NSIS Example2-->"D:\Gry\Tibia Auto\uninstall.exe"
NVIDIA Sterownik graficzny 266.58-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9}
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
SopCast 3.3.2-->D:\Programy\SopCast\uninst.exe
Spybot
- Search & Destroy-->"D:\Programy\Spybot - Search & Destroy\unins000.exe" SweetIM for Messenger 3.3-->MsiExec.exe /X{1D301950-EA2F-4882-9AA0-49467756842A} SweetIM Toolbar for Internet Explorer 3.9-->MsiExec.exe /X{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24} System Requirements Lab CYRI-->MsiExec.exe /I{1F77C418-2C90-459C-BD33-B56A4182B9FA} Tibia 7.6-->E:\Gry\Tibia\unins000.exe Total Video Converter 3.11 070908-->"D:\Programy\Total Video Converter\unins000.exe" Tunngle beta-->"D:\Programy\Tunngle\unins000.exe" UltraISO Premium V9.36-->"D:\Programy\UltraISO\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VDownloader 3.0.733-->"D:\Programy\VDownloader\unins000.exe" Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe Vuze Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNWISE.EXE /U C:\PROGRA~1\VUZE_R~1\INSTALL.LOG Vuze-->C:\Program Files\Vuze\uninstall.exe WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat Winamp-->"D:\Programy\Winamp\UninstWA.exe" Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe" ======Security center information====== AV: Lavasoft Ad-Watch Live! Anti-Virus (disabled) AS: Lavasoft Ad-Watch Live! 
(disabled) AS: Windows Defender ======System event log====== Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1373_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed). Record Number: 81486 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210251.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1372_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed). Record Number: 81485 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210251.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1371_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed). Record Number: 81484 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210251.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1370_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed). Record Number: 81483 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210251.000000-000 Event Type: Informacje User: MY-PC\MY Computer Name: MY-PC Event Code: 4386 Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1369_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed). 
Record Number: 81482 Source Name: Microsoft-Windows-Servicing Time Written: 20110323210251.000000-000 Event Type: Informacje User: MY-PC\MY =====Application event log===== Computer Name: 26L2233B2-11 Event Code: 1003 Message: Usługa Windows Search została uruchomiona. Record Number: 5 Source Name: Microsoft-Windows-Search Time Written: 20101230221730.000000-000 Event Type: Informacje User: Computer Name: 26L2233B2-11 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20101230221729.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20101230221725.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 900 Message: Usługa licencjonowania oprogramowania jest uruchamiana. Record Number: 2 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20101230221724.000000-000 Event Type: Informacje User: Computer Name: LH-NV83FKO2OB9R Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101230221724.000000-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM =====Security event log===== Computer Name: MY-PC Event Code: 5032 Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci. 
Kod błędu: 2 Record Number: 2913 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110112075359.980504-000 Event Type: Niepowodzenie inspekcji User: Computer Name: MY-PC Event Code: 5032 Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci. Kod błędu: 2 Record Number: 2912 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110112075356.844904-000 Event Type: Niepowodzenie inspekcji User: Computer Name: MY-PC Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 3 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-7 Nazwa konta: LOGOWANIE ANONIMOWE Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x27cab Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x0 Nazwa procesu: - Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: NtLmSsp Pakiet uwierzytelniania: NTLM Usługi przejściowe: - Nazwa pakietu (tylko NTLM): NTLM V1 Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. 
Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2911 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110112075351.111504-000 Event Type: Sukces inspekcji User: Computer Name: MY-PC Event Code: 5024 Message: Usługa Zapora systemu Windows została pomyślnie uruchomiona. Record Number: 2910 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110112075351.016504-000 Event Type: Sukces inspekcji User: Computer Name: MY-PC Event Code: 5033 Message: Sterownik Zapory systemu Windows został pomyślnie uruchomiony. 
Record Number: 2909 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110112075350.672504-000 Event Type: Sukces inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0f02 "NUMBER_OF_PROCESSORS"=2 "configsetroot"=%SystemRoot%\ConfigSetRoot "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF----------------- [/log]
Guest commented 31 August 2011 We are not finished yet. Download Ad-remover; the link to the program is in my first post in this thread. Run it and perform a scan. Post the log from [b]Ad-remover[/b] for review.
Mitgethar commented 31 August 2011 Author Log from Ad-remover: [log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:57:04 on 31/08/2011, Normal boot Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) MY@MY-PC (PC-FACTORY GA-945GZM-S2) ============== SEARCH ============== File found: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar Folder found: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\conduit Folder found: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\ConduitEngine Folder found: C:\Program Files\Ask.com Folder found: C:\Users\MY\AppData\LocalLow\AskToolbar Folder found: C:\Users\MY\AppData\LocalLow\Conduit Folder found: C:\Program Files\Conduit Folder found: C:\Users\MY\AppData\LocalLow\ConduitEngine Folder found: C:\Program Files\ConduitEngine Folder found: C:\ProgramData\PopCap Games Folder found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games Folder found: C:\Users\MY\AppData\LocalLow\Toolbar4 File found: C:\Users\MY\Downloads\vshare-plugin.exe File found: C:\Users\MY\Downloads\iMeshV10.exe Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key found: HKLM\Software\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key found: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key found: HKLM\Software\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key found: HKLM\Software\Classes\CLSID\{85253941-74E7-4CA1-92BB-694F5D3A4DE4} Key found: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key found: HKLM\Software\Classes\CLSID\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC} Key found: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key found: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key found: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key found: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B} Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key found: 
HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key found: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key found: HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} Key found: HKLM\Software\Classes\Conduit.Engine Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key found: HKLM\Software\Classes\Toolbar.CT2504091 Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key found: HKLM\Software\Conduit Key found: HKLM\Software\conduitEngine Key found: HKLM\Software\PopCap Key found: HKLM\Software\Trymedia Systems Key found: HKCU\Software\Ask.com Key found: HKCU\Software\Conduit Key found: HKCU\Software\PopCap Key found: HKCU\Software\AppDataLow\AskToolbarInfo Key found: HKCU\Software\AppDataLow\Toolbar Key found: HKCU\Software\AppDataLow\Software\AskToolbar Key found: HKCU\Software\AppDataLow\Software\Conduit Key found: HKCU\Software\AppDataLow\Software\conduitEngine Key found: HKLM\Software\Cheat Engine\OpenCandy Key found: HKLM\Software\VDownloader\OpenCandy Key found: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120} Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key 
found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key found: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [6.0.1 (pl)] **** Plugins\npganymedenet.dll ( ) Plugins\npvsharetvplg.dll (vShare.tv ) Plugins\npwachk.dll (Nullsoft, Inc.) 
HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x) HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606/) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype extension ) -- C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default -- Searchplugins\search.xml (?) Searchplugins\startsear.xml (?) 
Prefs.js - browser.search.selectedEngine, Prefs.js - browser.startup.homepage, google.com Prefs.js - browser.startup.homepage_override.mstone, false Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q= ======================================== **** Internet Explorer Version [7.0.6002.18005] **** HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://vshare.toolbarhome.com/?hp=df HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://startsear.ch/?aff=1 AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606 HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} (x) HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x) HKLM_SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} - "Web Search" (hxxp://startsear.ch/?aff=1&q={searchTerms}) HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKCU_Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (C:\Program Files\vShare.tv plugin\BarLcher.dll) HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x) HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x) HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll) HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program 
Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll) HKLM_Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (C:\Program Files\vShare.tv plugin\BarLcher.dll) HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) HKLM_ElevationPolicy\{11AF66E1-6BDE-4AA0-A061-65188608936B} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PlayerPlug.exe (x) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\TbHelper2.exe (x) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{6CF0FDB5-3F57-46B4-8891-138DF970A9D6} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?) HKLM_ElevationPolicy\{973F1DA1-9BE8-49C1-A68D-EAA0D9847898} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PropMgrAsync.exe (x) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (x) HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" 
(?) BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll) BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll) BHO\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - "IE5BarLauncherBHO Class" (C:\Program Files\vShare.tv plugin\BarLcher.dll) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} (?) BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Sopcast Ask Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 0 File(s) C:\Ad-Report-SCAN[1].txt - 31/08/2011 20:57:09 (13063 Byte(s)) End at: 20:57:46, 31/08/2011 ============== E.O.F ============== [/log]
Guest commented 31 August 2011 Run [b]Ad-remover[/b] and click the [b]Clean[/b] option; this will remove the junk toolbars. Uninstall RSIT. Post new OTL logs. We will slowly move on to the final steps.
Mitgethar commented 31 August 2011 Author Log from the Ad-remover clean: [log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 21:23:15 on 31/08/2011, Normal boot Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) MY@MY-PC (PC-FACTORY GA-945GZM-S2) ============== ACTION(S) ============== File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar Folder deleted: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\conduit Folder deleted: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\ConduitEngine Folder deleted: C:\Program Files\Ask.com Folder deleted: C:\Users\MY\AppData\LocalLow\AskToolbar Folder deleted: C:\Users\MY\AppData\LocalLow\Conduit Folder deleted: C:\Program Files\Conduit Folder deleted: C:\Users\MY\AppData\LocalLow\ConduitEngine Folder deleted: C:\Program Files\ConduitEngine Folder deleted: C:\ProgramData\PopCap Games Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games Folder deleted: C:\Users\MY\AppData\LocalLow\Toolbar4 File deleted: C:\Users\MY\Downloads\vshare-plugin.exe File deleted: C:\Users\MY\Downloads\iMeshV10.exe (!) -- Temporary files deleted. 
Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key deleted: HKLM\Software\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key deleted: HKLM\Software\Classes\CLSID\{85253941-74E7-4CA1-92BB-694F5D3A4DE4} Key deleted: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key deleted: HKLM\Software\Classes\CLSID\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC} Key deleted: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key deleted: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B} Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key deleted: HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key deleted: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key deleted: HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key deleted: HKLM\Software\Classes\Toolbar.CT2504091 Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\conduitEngine Key deleted: HKLM\Software\PopCap Key deleted: HKLM\Software\Trymedia Systems Key deleted: HKCU\Software\Ask.com Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\PopCap Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo Key deleted: HKCU\Software\AppDataLow\Toolbar Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar Key deleted: HKCU\Software\AppDataLow\Software\Conduit Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine Key deleted: HKLM\Software\Cheat Engine\OpenCandy Key deleted: HKLM\Software\VDownloader\OpenCandy Key deleted: 
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [6.0.1 (pl)] **** Plugins\npganymedenet.dll ( ) Plugins\npvsharetvplg.dll (vShare.tv ) Plugins\npwachk.dll (Nullsoft, Inc.) 
HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x) HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x) HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x) HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606/) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype extension ) -- C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default -- Searchplugins\search.xml (?) Searchplugins\startsear.xml (?) 
Prefs.js - browser.search.selectedEngine, Prefs.js - browser.startup.homepage, google.com Prefs.js - browser.startup.homepage_override.mstone, false Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q= ======================================== **** Internet Explorer Version [7.0.6002.18005] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x) HKLM_SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} - "Web Search" (hxxp://startsear.ch/?aff=1&q={searchTerms}) HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKCU_Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x) HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x) HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll) HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll) HKLM_Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x) HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) 
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) HKLM_ElevationPolicy\{11AF66E1-6BDE-4AA0-A061-65188608936B} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PlayerPlug.exe (x) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\TbHelper2.exe (x) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{6CF0FDB5-3F57-46B4-8891-138DF970A9D6} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?) HKLM_ElevationPolicy\{973F1DA1-9BE8-49C1-A68D-EAA0D9847898} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PropMgrAsync.exe (x) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (x) HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?) BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll) BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll) BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} (?) 
======================================== C:\Program Files\Ad-Remover\Quarantine: 117 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 31/08/2011 21:23:23 (12226 Byte(s)) C:\Ad-Report-SCAN[1].txt - 31/08/2011 20:57:09 (13202 Byte(s)) End at: 21:25:11, 31/08/2011 ============== E.O.F ============== [/log] OTL logs: [log]OTL logfile created on: 2011-08-31 21:40:29 - Run 3 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,69% Memory free 4,24 Gb Paging File | 2,99 Gb Available in Paging File | 70,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 6,45 Gb Free Space | 9,43% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS Computer Name: MY-PC | User Name: MY | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-08-31 13:51:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\Programy\OTL(2).exe PRC - [2011-08-15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-08-31 13:51:58 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | 
M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-02-04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 9666 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9666 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program 
Files\Ganymede\Plugins\npganymedenet.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-31 13:51:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M] [2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions [2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions [2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml [2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-08-31 13:51:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - 
{2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [services.exe] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.) 
O4 - HKCU..\Run: [Raptr] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-08-31 20:56:40 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Remover [2011-08-31 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-08-31 08:28:46 | 000,000,000 | ---D | C] -- C:\_OTL [2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6 [2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6 [2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER [2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6 [2011-08-30 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6 [2011-08-30 09:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-08-30 09:52:44 | 000,000,000 | ---D | C] -- C:\rsit [2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin [2011-08-26 
09:21:45 | 000,000,000 | ---D | C] -- C:\Data [2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011-08-25 22:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011-08-25 22:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic [2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy [2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive [2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield [2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011-08-10 01:14:31 | 
000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011-08-10 01:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh [2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares [2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-08-31 21:27:14 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-08-31 21:27:13 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-08-31 21:27:09 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-08-31 21:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-08-31 21:26:59 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys [2011-08-31 21:25:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011-08-31 20:56:40 | 000,001,676 | ---- | M] () -- C:\Users\MY\Desktop\Ad-Remover.lnk [2011-08-31 20:50:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-08-31 12:17:41 | 000,752,884 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0001.jpg [2011-08-31 12:15:43 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-08-31 12:15:42 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-08-31 12:15:42 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-08-31 12:15:42 | 000,103,872 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2011-08-31 06:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011-08-31 06:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011-08-30 11:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-08-30 11:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini [2011-08-29 10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel [2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini [2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-08-31 20:56:40 | 000,001,676 | ---- | C] () -- C:\Users\MY\Desktop\Ad-Remover.lnk [2011-08-31 12:17:00 | 000,752,884 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0001.jpg [2011-08-31 06:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys [2011-08-30 10:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini [2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel [2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-08-25 22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk [2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- 
C:\Users\Public\Desktop\FlatOut2.lnk [2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3 [2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1 [2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0 [2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2 [2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011-04-25 11:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll [2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll [2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll [2011-01-23 15:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat [2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll [2010-12-31 15:04:43 | 000,001,356 | ---- | C] 
() -- C:\Users\MY\AppData\Local\d3d9caps.dat [2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat [2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe [2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe [2010-02-04 11:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe [2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini 
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > [/log] [log]OTL Extras logfile created on: 2011-08-31 21:40:29 - Run 3 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,69% Memory free 4,24 Gb Paging File | 2,99 Gb Available in Paging File | 70,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68,36 Gb Total Space | 6,45 Gb Free Space | 9,43% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS Computer Name: MY-PC | User Name: MY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system | "{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | "{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system | "{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | "{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | dir=in | app=d:\gry\game\league of legends.exe | "{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe | "{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system | "{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe | "{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe | "{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe | "{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe | "{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe | "{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 
demo\bin32\crysis2launcher.exe | "{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe | "{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe | "{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe | "{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | "{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | "{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe | "{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe | "{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe | "TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe | "TCP Query User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | "TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe | "TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | 
app=d:\programy\sopcast\sopcast.exe | "TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe | "TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe | "TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe | "TCP Query User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe | "TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe | "TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "TCP Query 
User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe | "UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe | "UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe | "UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe | "UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe | "UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | 
app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe | "UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe | "UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe | "UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | "UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | "UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe | "UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe | "UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | "UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "BabylonToolbar" = Babylon toolbar "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0 "BicTrainer pod 7.6" = BicTrainer pod 7.6 "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "Combat Arms EU" = Combat Arms EU "CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Driver Cleaner" = Driver Cleaner 3 "Eurobattle.net1.24b" = Eurobattle.net "Football Manager 2011 Russian" = Football Manager 2011 Russian "GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full) "MahJong Suite_is1" = MahJong Suite 2009 v6.1 
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 6.0.1 (x86 pl)" = Mozilla Firefox 6.0.1 (x86 pl) "Mpa Bot pod 7.6" = Mpa Bot pod 7.6 "SopCast" = SopCast 3.3.2 "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia 7.6 "Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908 "Tunngle beta_is1" = Tunngle beta "UltraISO_is1" = UltraISO Premium V9.36 "Veetle TV" = Veetle TV 0.9.18 "vShare.tv plugin" = vShare.tv plugin 1.3 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Ad-Remover" = Ad-Remover "GameRanger" = GameRanger "Warcraft III" = Warcraft III: wszystkie elementy "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd winamp.exe, 
wersja 5.6.0.3091, sygnatura czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f. Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002 Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff Godzina zakończenia: 18 Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227 Description = Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56. Error - 2011-08-31 08:27:52 | Computer Name = MY-PC | Source = Software Licensing Service | ID = 1001 Description = Uruchomienie usługi licencjonowania oprogramowania nie powiodło się. 
hr=0x80070002, [2, 4] Error - 2011-08-31 08:44:36 | Computer Name = MY-PC | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001 Description = Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2011-08-30 17:16:51 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001 Description = Error - 2011-08-31 08:27:12 | Computer Name = MY-PC | Source = sptd | ID = 262148 Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla . Error - 2011-08-31 08:28:21 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290 Description = Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7023 Description = Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2011-08-31 08:30:15 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290 Description = < End of report > [/log]
Guest, commented 31 August 2011

Run OTL and execute the following script:

[php]:OTL
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O4 - HKLM..\Run: [services.exe] File not found[/php]

Uninstall Spybot; it is an outdated tool. Uninstall Babylon Toolbar and DAEMON Tools Toolbar.

Next, clear the System Restore folders [url="http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1"]http://www.fixitpc.p...ania-czesc-1/#1[/url]; this will remove any leftovers from the infection.

Java™ 6 Update 20
Java™ 6 Update 26
Uninstall the old Java versions and download the latest [b]Java7[/b].

Run Ad-Remover and click the Uninstall option; this will remove the program and its quarantine from the disk.

Finally, run OTL and click the Sprzątanie (Cleanup) option.
Mitgethar, Author, commented 31 August 2011

[list=1]
[*]Log after entering the script:
[log]========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services.exe deleted successfully.

OTL by OldTimer - Version 3.2.26.6 log created on 08312011_221917
[/log]
System Restore folders cleared. Spybot uninstalled. Java updated. Cleaned up.
[/list]