Qooqle as the start page! Please help quickly.

Mitgethar

Hello.
For about a week I have had a problem with Qooqle.
Logs:
OTL:

[log]OTL logfile created on: 2011-08-30 09:46:18 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,71% Memory free
4,24 Gb Paging File | 2,95 Gb Available in Paging File | 69,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 2,74 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe
PRC - [2011-08-27 14:42:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-25 16:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe
PRC - [2011-08-25 16:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe
PRC - [2011-08-09 20:55:50 | 009,118,208 | ---- | M] (Creative Team S.A.) -- D:\Programy\WapSter AQQ\AQQ.exe
PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-08-27 14:42:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-08-10 22:00:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011-08-10 21:00:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011-08-10 21:00:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011-08-10 21:00:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011-08-10 20:59:58 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7ae4f4dbbfd301d5b5f3897b6ea433bf\System.Data.ni.dll
MOD - [2011-08-10 20:59:00 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011-08-10 13:57:02 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011-07-18 12:02:10 | 000,577,536 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\SMS.dll
MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet1.dll
MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet.dll
MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\Contact.dll
MOD - [2009-06-19 23:47:52 | 000,293,888 | ---- | M] () -- C:\Users\MY\WapSter\AQQ Folder\Profiles\Maciek\Plugins\SpellChecker.dll
MOD - [2009-03-30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (WinService)
SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-27 14:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M]

[2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions
[2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions
[2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-08-27 14:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [csrs] C:\ProgramData\csrs.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winloqon] C:\ProgramData\winloqon.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKCU..\Run: [Raptr] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-08-30 09:42:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe
[2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011-08-26 09:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-08-25 22:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-08-25 22:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic
[2011-08-25 16:17:10 | 000,339,968 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe
[2011-08-25 16:17:10 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe
[2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy
[2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield
[2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-08-10 01:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-10 01:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh
[2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares
[2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\OTL(2).exe
[2011-08-30 08:50:05 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-30 08:34:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-30 08:34:42 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-30 08:34:41 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-30 08:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-30 08:34:30 | 2144,948,224 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-30 08:32:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011-08-29 13:24:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011-08-29 13:24:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011-08-29 10:08:27 | 003,652,902 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0017.tif
[2011-08-29 10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel
[2011-08-29 10:05:46 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-08-29 10:05:46 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-29 10:05:46 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-08-29 10:05:46 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-28 21:53:12 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-27 23:33:58 | 004,574,595 | R--- | M] () -- C:\Users\MY\Desktop\Słoń - Love forever.mp3
[2011-08-25 16:17:09 | 006,855,168 | RHS- | M] () -- C:\Program Files\Common Files\svhost.exe
[2011-08-25 16:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe
[2011-08-25 16:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe
[2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011-08-07 12:39:29 | 000,249,215 | ---- | M] () -- C:\Users\MY\Desktop\972e8029-2d51-4592-b1f3-1dd67db718df_item.apk
[2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-07-31 17:00:51 | 001,083,726 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0002.jpg
[2011-07-31 16:59:01 | 001,174,043 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0001.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel
[2011-08-29 10:06:44 | 003,652,902 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0017.tif
[2011-08-27 23:33:40 | 004,574,595 | R--- | C] () -- C:\Users\MY\Desktop\Słoń - Love forever.mp3
[2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-08-25 22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-25 16:17:10 | 006,855,168 | RHS- | C] () -- C:\Program Files\Common Files\svhost.exe
[2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-07 12:39:28 | 000,249,215 | ---- | C] () -- C:\Users\MY\Desktop\972e8029-2d51-4592-b1f3-1dd67db718df_item.apk
[2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-07-31 17:01:25 | 001,083,726 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0002.jpg
[2011-07-31 16:59:13 | 001,174,043 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0001.jpg
[2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3
[2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1
[2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0
[2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2
[2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-25 11:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll
[2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll
[2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2011-01-23 15:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll
[2010-12-31 15:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat
[2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV

< End of report >
[/log]


Extras:

[log]OTL Extras logfile created on: 2011-08-30 09:46:18 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,71% Memory free
4,24 Gb Paging File | 2,95 Gb Available in Paging File | 69,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 2,74 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher |
"{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher |
"{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | dir=in | app=d:\gry\game\league of legends.exe |
"{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe |
"{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system |
"{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe |
"{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe |
"{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe |
"{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe |
"{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe |
"TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe |
"TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe |
"UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |
"UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe |
"UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AQQ" = WapSter AQQ
"BabylonToolbar" = Babylon toolbar
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner" = Driver Cleaner 3
"Eurobattle.net1.24b" = Eurobattle.net
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"MahJong Suite_is1" = MahJong Suite 2009 v6.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl)
"SopCast" = SopCast 3.3.2
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Tunngle beta_is1" = Tunngle beta
"UltraISO_is1" = UltraISO Premium V9.36
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.0.3091, sygnatura
czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator
procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f.

Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff
Godzina
zakończenia: 18

Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura
czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura
czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator
procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56.

Error - 2011-08-30 03:18:37 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji 6.0.0.4240 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: b40 Godzina rozpoczęcia: 01cc66e22ac22a76
Godzina
zakończenia: 64

[ System Events ]
Error - 2011-08-25 10:21:15 | Computer Name = MY-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 16:19:54 na 2011-08-25 było nieoczekiwane.

Error - 2011-08-25 15:13:49 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-26 18:01:15 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-26 18:01:17 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-26 18:01:18 | Computer Name = MY-PC | Source = DCOM | ID = 10016
Description =

Error - 2011-08-27 01:06:49 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-28 15:14:27 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 00:05:05 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.104
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 02:17:57 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.101
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-29 15:13:56 | Computer Name = MY-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.0.1 odmówił dzierżawy adresu IP 192.168.0.100
dla karty sieciowej o adresie 001A4D274E7C. (Serwer DHCP wysłał komunikat DHCPNACK).


< End of report >
[/log]


RSIT:

[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by MY at 2011-08-30 09:52:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 3 GB (4%) free of 70 GB
Total RAM: 2047 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:52:53, on 2011-08-30
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\csrs.exe
C:\ProgramData\winloqon.exe
D:\Programy\WapSter AQQ\AQQ.exe
D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MY\Desktop\RSIT.exe
C:\Program Files\trend micro\MY.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [csrs] %ALLUSERSPROFILE%\csrs.exe
O4 - HKLM\..\Run: [svhost] %COMMONPROGRAMFILES%\svhost.exe
O4 - HKLM\..\Run: [winloqon] %ALLUSERSPROFILE%\winloqon.exe
O4 - HKCU\..\Run: [AQQ] D:\Programy\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programy\Tunngle\TnglCtrl.exe
O23 - Service: WinService - Unknown owner - C:\Windows\help\svchost.exe (file missing)

--
End of file - 8248 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "google.com"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2, cssreloader@kenneth.io:1.0.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0]
"Description"=npganymedenet
"Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npganymedenet.dll
npganymedenet.xpt
nppdf32.dll
npvsharetvplg.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
babylon.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\
search.xml
startsear.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-03 9726568]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"csrs"=C:\ProgramData\csrs.exe [2011-08-25 339968]
"svhost"=C:\Program Files\Common Files\svhost.exe [2011-08-25 6855168]
"winloqon"=C:\ProgramData\winloqon.exe [2011-08-25 331776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AQQ"=D:\Programy\WAPSTE~1\AQQ.exe [2011-08-09 9118208]
"SpybotSD TeaTimer"=D:\Programy\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe --startup []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GameRanger.lnk - C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
OpenOffice.org 3.2.lnk - D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.iv41"=Ir41_32.ax
"vidc.iv50"=Ir50_32.dll

======List of files/folders created in the last 1 month======

2011-08-30 09:52:45 ----D---- C:\Program Files\trend micro
2011-08-30 09:52:44 ----D---- C:\rsit
2011-08-27 20:09:31 ----D---- C:\Program Files\vShare.tv plugin
2011-08-26 09:21:45 ----D---- C:\Data
2011-08-25 22:50:15 ----A---- C:\Windows\system32\yv12vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidvfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidcore.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\vp7vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\lagarith.dll
2011-08-25 22:50:15 ----A---- C:\Windows\avisplitter.ini
2011-08-25 22:50:14 ----A---- C:\Windows\system32\ff_vfw.dll
2011-08-25 22:50:12 ----D---- C:\Program Files\K-Lite Codec Pack
2011-08-25 16:25:05 ----D---- C:\Users\MY\AppData\Roaming\Media Player Classic
2011-08-25 16:17:10 ----RASH---- C:\ProgramData\winloqon.exe
2011-08-25 16:17:10 ----RASH---- C:\ProgramData\csrs.exe
2011-08-25 16:17:10 ----RASH---- C:\Program Files\Common Files\svhost.exe
2011-08-23 22:30:04 ----A---- C:\Windows\system32\tzres.dll
2011-08-16 21:24:51 ----D---- C:\Users\MY\AppData\Roaming\InstallShield
2011-08-10 01:14:35 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 01:14:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 01:14:32 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\url.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-10 01:14:23 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 01:14:16 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-08-30 09:52:53 ----D---- C:\Windows\Prefetch
2011-08-30 09:52:49 ----D---- C:\Windows\Temp
2011-08-30 09:52:45 ----RD---- C:\Program Files
2011-08-30 08:36:24 ----D---- C:\Windows\System32
2011-08-30 08:35:51 ----D---- C:\Windows\system32\Tasks
2011-08-30 08:18:28 ----SHD---- C:\System Volume Information
2011-08-29 13:21:36 ----D---- C:\Windows\Tasks
2011-08-29 10:05:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-29 10:05:45 ----D---- C:\Windows\inf
2011-08-27 14:42:28 ----D---- C:\Program Files\Mozilla Firefox
2011-08-27 00:02:30 ----SHD---- C:\$Recycle.Bin
2011-08-26 00:33:13 ----D---- C:\Users\MY\AppData\Roaming\Azureus
2011-08-25 22:50:15 ----D---- C:\Windows
2011-08-25 16:21:40 ----D---- C:\Windows\system32\catroot2
2011-08-25 16:17:10 ----HD---- C:\ProgramData
2011-08-25 16:17:10 ----D---- C:\Program Files\Common Files
2011-08-24 09:40:04 ----D---- C:\Windows\rescache
2011-08-24 09:28:33 ----D---- C:\Windows\winsxs
2011-08-24 09:28:32 ----D---- C:\Windows\system32\pl-PL
2011-08-23 22:27:20 ----D---- C:\Windows\system32\catroot
2011-08-21 23:09:19 ----D---- C:\Users\MY\AppData\Roaming\Skype
2011-08-16 21:30:18 ----RSD---- C:\Windows\assembly
2011-08-16 21:25:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-10 22:19:35 ----D---- C:\Windows\Microsoft.NET
2011-08-10 15:59:59 ----D---- C:\Windows\system32\drivers
2011-08-10 15:59:58 ----D---- C:\Program Files\Windows Mail
2011-08-10 13:57:36 ----A---- C:\Windows\system32\mrt.exe
2011-08-10 13:57:19 ----SHD---- C:\Windows\Installer
2011-08-10 13:57:18 ----HD---- C:\Config.Msi
2011-08-03 21:05:33 ----RD---- C:\Program Files\Skype
2011-08-03 21:05:16 ----D---- C:\ProgramData\Skype
2011-08-03 21:04:28 ----D---- C:\Users\MY\AppData\Roaming\skypePM
2011-07-31 16:59:17 ----D---- C:\Users\MY\AppData\Roaming\Image Zone Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-31 691696]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Programy\UltraISO\drivers\ISODrive.sys [2010-01-29 82320]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-03 3185640]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 a622dt4t;a622dt4t; C:\Windows\system32\drivers\a622dt4t.sys []
S3 Dot4;Sterownik MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Sterownik klasy drukowania dla IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 TunngleService;TunngleService; D:\Programy\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-08-15 2151640]
S2 WinService;WinService; C:\Windows\help\svchost.exe configuration []
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
[/log]


INFO:


[log]info.txt logfile of random's system information tool 1.09 2011-08-30 09:52:56

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Programy\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->"C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->D:\Programy\WinaRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Babylon toolbar-->"C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe"
Bejeweled 2 Deluxe 1.0-->D:\Gry\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "D:\Gry\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Cheat Engine 6.0-->"C:\Program Files\Cheat Engine 6\unins000.exe"
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Crysis® 2 Demo-->MsiExec.exe /X{1BF4CB15-6055-452A-8487-021AE2D91208}
CS16 Full v32.1 Non-Steam-->D:\Gry\CS\Uninstal.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Driver Cleaner 3-->C:\Program Files\Driver Cleaner\Uninst.exe
Eurobattle.net-->"C:\Windows\Eurobattle.net\uninstall.exe" "/U:D:\Gry\Warcraft III\Uninstall\uninstall.xml"
FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
FlatOut2-->C:\Program Files\InstallShield Installation Information\{4EB106F5-110F-4E96-BCBA-1687AE57A04E}\setup.exe -runfromtemp -l0x0015 -removeonly
Football Manager 2011 Russian-->"D:\Gry\FM11\Uninstall_Football Manager 2011 Russian\Uninstall Football Manager 2011 Russian.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
GIMP 2.6.10-->"D:\Programy\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.215\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn-->"D:\Programy\ImgBurn\uninstall.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
K-Lite Codec Pack 7.6.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x040c -removeonly
LOST PLANET COLONIES-->MsiExec.exe /X{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}
MahJong Suite 2009 v6.1-->"D:\Gry\MahJong Suite\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 6.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91045}
NSIS Example2-->"D:\Gry\Tibia Auto\uninstall.exe"
NVIDIA Sterownik graficzny 266.58-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9}
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
SopCast 3.3.2-->D:\Programy\SopCast\uninst.exe
Spybot - Search & Destroy-->"D:\Programy\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 3.3-->MsiExec.exe /X{1D301950-EA2F-4882-9AA0-49467756842A}
SweetIM Toolbar for Internet Explorer 3.9-->MsiExec.exe /X{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
System Requirements Lab CYRI-->MsiExec.exe /I{1F77C418-2C90-459C-BD33-B56A4182B9FA}
Tibia-->"D:\Gry\Tibia\unins000.exe"
Total Video Converter 3.11 070908-->"D:\Programy\Total Video Converter\unins000.exe"
Tunngle beta-->"D:\Programy\Tunngle\unins000.exe"
UltraISO Premium V9.36-->"D:\Programy\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VDownloader 3.0.733-->"D:\Programy\VDownloader\unins000.exe"
Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe
Vuze Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNWISE.EXE /U C:\PROGRA~1\VUZE_R~1\INSTALL.LOG
Vuze-->C:\Program Files\Vuze\uninstall.exe
WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"D:\Programy\Winamp\UninstWA.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe"

======Security center information======

AV: Lavasoft Ad-Watch Live! Anti-Virus (disabled)
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender

======System event log======

Computer Name: MY-PC
Event Code: 4376
Message: Obsługa zażądała ponownego uruchomienia w celu ukończenia operacji nadawania pakietowi KB969947(Security Update) stanu Zainstalowany(Installed).
Record Number: 81023
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210250.000000-000
Event Type: Ostrzeżenie
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-32_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested).
Record Number: 81022
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210250.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4376
Message: Obsługa zażądała ponownego uruchomienia w celu ukończenia operacji nadawania pakietowi KB969947(Security Update) stanu Zainstalowany(Installed).
Record Number: 81021
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210250.000000-000
Event Type: Ostrzeżenie
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-41_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested).
Record Number: 81020
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210250.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 969947-40_neutral_PACKAGE z pakietu KB969947(Security Update) na Żądana instalacja(Install Requested).
Record Number: 81019
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210250.000000-000
Event Type: Informacje
User: MY-PC\MY

=====Application event log=====

Computer Name: 26L2233B2-11
Event Code: 1003
Message: Usługa Windows Search została uruchomiona.

Record Number: 5
Source Name: Microsoft-Windows-Search
Time Written: 20101230221730.000000-000
Event Type: Informacje
User:

Computer Name: 26L2233B2-11
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20101230221729.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101230221725.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 900
Message: Usługa licencjonowania oprogramowania jest uruchamiana.

Record Number: 2
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20101230221724.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101230221724.000000-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Security event log=====

Computer Name: MY-PC
Event Code: 5032
Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci.

Kod błędu: 2
Record Number: 2573
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110108163051.357299-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: MY-PC
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2572
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110108152942.183299-000
Event Type: Sukces inspekcji
User:

Computer Name: MY-PC
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: MY-PC$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x284
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 2571
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110108152942.183299-000
Event Type: Sukces inspekcji
User:

Computer Name: MY-PC
Event Code: 4648
Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: MY-PC$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Konto, którego poświadczenia zostały użyte:
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Serwer docelowy:
Nazwa serwera docelowego: localhost
Informacje dodatkowe: localhost

Informacje o procesie:
Identyfikator procesu: 0x284
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Adres sieciowy: -
Port: -

To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS.
Record Number: 2570
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110108152942.183299-000
Event Type: Sukces inspekcji
User:

Computer Name: MY-PC
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2569
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110108151452.168099-000
Event Type: Sukces inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
[/log]

Guest
comment (edited)

[b]1[/b]. Run OTL and, in the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box, paste the following text:

[php]:Files
C:\ProgramData\csrs.exe
C:\ProgramData\winloqon.exe
C:\Program Files\Common Files\svhost.exe

:Services
WinService

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=18606
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
O4 - HKLM..\Run: [csrs] C:\ProgramData\csrs.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe ()
O4 - HKLM..\Run: [winloqon] C:\ProgramData\winloqon.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKCU..\Run: [Raptr] File not found
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE
@Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV

:Commands
[emptyflash]
[emptytemp][/php]


Click Wykonaj skrypt (Run Fix). Confirm the computer restart.

[b]2[/b]. Download Ad-remover [color="#0000FF"][b] [url="http://www.teamxscript.org/too/AD-R.exe"]CLICK[/url][/b][/color] and post the log from the SCAN option. Make new OTL logs.

Mitgethar
comment

While you were replying to my post I was away from home; when I came back and turned on the computer, it no longer worked.
At first it was only the browsers; porn was opening on the start page..
The computer boots normally. After the "Zapraszamy" (Welcome) screen I see only a black screen and the mouse cursor, I don't see the desktop, and a "Not found" error pops up.
I have Vista.

What should I do in this case?!

Guest
comment

[quote]What should I do in this case?! [/quote]

boot into Safe Mode [b]F8[/b]

Mitgethar
comment

When I boot into Safe Mode following your instructions, the same thing happens: I have no desktop.

Guest
comment

From what I can see, you have access to another computer and the internet.

Download the ready-made OTLPe [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/[/url]
Burn it to a CD and try to boot the computer from it. Read the topic carefully.
If that works, you will need a USB flash drive, on which you will provide the logs that are to be made.

Mitgethar
comment

Yes, I'm on a laptop right now. I have a question: can it be an RW disc? Because I don't have any others at the moment..

Guest
comment

Yes, it can.

Mitgethar
comment (edited)

It worked!
Here is the OTL log:
[log]
OTL logfile created on: 8/31/2011 12:39:55 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 4.54 Gb Free Space | 6.64% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto] -- -- (WinService)
SRV - File not found [Auto] -- -- (TunngleService)
SRV - File not found [On_Demand] -- -- (NBService)
SRV - [2011/08/15 09:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | System] -- -- (ISODrive)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/31 08:49:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/09/16 02:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\MY_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\MY_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\MY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/27 08:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 14:09:31 | 000,000,000 | ---D | M]

[2010/12/30 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Extensions
[2011/08/25 10:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\extensions
[2011/08/30 02:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml
[2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml
[2011/08/03 15:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/03 15:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/09 13:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/02 10:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 01:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/27 05:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/03 04:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/27 08:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/24 06:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011/06/09 07:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/05/23 06:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010/01/01 04:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010/01/01 04:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010/01/01 04:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010/01/01 04:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [csrs] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [services.exe] C:\Windows\System32\services.exe.exe ()
O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winloqon] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\MY_ON_C..\Run: [AQQ] File not found
O4 - HKU\MY_ON_C..\Run: [Raptr] File not found
O4 - HKU\MY_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = File not found
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell - "" = AutoRun
O33 - MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\AutoRun\command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\explore\Command - "" = L:\EXPLORER.EXE
O33 - MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\Shell\open\Command - "" = L:\EXPLORER.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6
[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6
[2011/08/30 04:56:17 | 000,000,000 | -H-D | C] -- C:\host
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6
[2011/08/30 04:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6
[2011/08/30 03:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/30 03:52:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/27 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/08/26 03:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011/08/25 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/25 16:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011/08/25 16:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/08/25 16:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011/08/25 16:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/08/25 16:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/08/25 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/08/25 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic
[2011/08/25 10:17:10 | 000,339,968 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe
[2011/08/25 10:17:10 | 000,331,776 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe
[2011/08/23 16:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy
[2011/08/16 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011/08/16 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield
[2011/08/09 19:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 19:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 19:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/09 19:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/09 19:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/09 19:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/09 19:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/09 19:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/09 19:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/09 19:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/07 13:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh
[2011/08/03 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares
[2011/08/03 15:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/03 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/08/30 17:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 17:16:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/30 15:43:52 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 15:43:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 15:43:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 15:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/08/30 07:50:03 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 05:37:25 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011/08/30 05:37:25 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 05:37:25 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011/08/30 05:37:25 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 05:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 05:03:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2011/08/30 05:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini
[2011/08/29 07:24:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/29 07:24:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/25 16:50:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/25 10:17:09 | 006,855,168 | RHS- | M] () -- C:\Program Files\Common Files\svhost.exe
[2011/08/25 10:17:09 | 000,339,968 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\csrs.exe
[2011/08/25 10:17:09 | 000,331,776 | RHS- | M] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\ProgramData\winloqon.exe
[2011/08/23 16:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011/08/16 15:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011/08/16 15:25:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011/08/08 04:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/08 04:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/08/03 15:30:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/03 15:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/03 15:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/08/30 15:44:04 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/30 04:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini
[2011/08/30 04:56:39 | 000,663,697 | ---- | C] () -- C:\Windows\System32\services.exe.exe
[2011/08/25 16:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/25 16:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/25 16:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/08/25 16:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/25 16:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/25 10:17:10 | 006,855,168 | RHS- | C] () -- C:\Program Files\Common Files\svhost.exe
[2011/08/23 16:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011/08/16 15:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011/08/03 15:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/23 07:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3
[2011/07/19 15:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1
[2011/07/19 08:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0
[2011/07/19 08:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2
[2011/04/25 05:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 05:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/13 15:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll
[2011/04/13 15:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll
[2011/04/13 15:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/27 06:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2011/01/23 09:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/01/23 05:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/22 04:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/22 04:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/12 18:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/01/09 16:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/01/05 10:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/04 03:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/01/01 11:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/01 10:53:50 | 000,000,085 | ---- | C] () -- C:\Users\MY\AppData\default.pls
[2010/12/31 13:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll
[2010/12/31 09:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat
[2010/12/31 07:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 05:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe
[2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe
[2010/02/04 05:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe
[2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/02/28 19:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006/12/05 01:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006/12/05 01:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006/12/05 01:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006/12/05 01:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\app
[2011/08/25 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Azureus
[2011/01/01 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\DAEMON Tools Lite
[2011/07/21 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus 2
[2011/07/19 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/23 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/19 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/08/30 04:53:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\EurekaLog
[2011/05/23 06:17:32 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GameRanger
[2011/02/05 08:24:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GanymedeNet
[2011/03/05 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\gtk-2.0
[2011/07/31 10:59:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Image Zone Express
[2011/03/04 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\ImgBurn
[2011/03/19 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Leadertech
[2011/03/18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\LolClient
[2011/01/14 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\MahJong Suite
[2011/01/09 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\OpenOffice.org
[2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PlayerPlug
[2011/01/04 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Printer Info Cache
[2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PropMgrAsync
[2011/02/12 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Raptr
[2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/02 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Sports Interactive
[2011/03/14 06:02:57 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\sqlitestudio
[2011/06/17 05:06:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tibia
[2011/01/12 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tunngle
[2011/03/31 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\VDownloader
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/31 08:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dane aplikacji
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumenty
[2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Start
[2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2011/03/18 10:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2011/01/23 09:56:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Pulpit
[2011/01/02 08:48:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/27 01:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Szablony
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/14 15:19:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TreeCardGames
[2011/01/12 15:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Ulubione
[2010/12/31 06:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/08/30 17:16:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/08/30 15:32:58 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> C:\Users\MY\Desktop\ABS.avi:TOC.WMV
< End of report >
[/log]

Guest
comment (edited)

[quote]It worked![/quote]

You managed to get into the system. The infection has not been removed; how could it have been? Now copy the script I gave you into Notepad and save it on a USB stick as Skrypt.txt.
Plug the USB stick into the infected computer and paste the contents of the script into the OTL window, then click to run the script. The infection will then be removed.

  • Good post 1
Mitgethar
comment

Done.
Here is the Fixlog:
[log]
========== FILES ==========
C:\ProgramData\csrs.exe moved successfully.
C:\ProgramData\winloqon.exe moved successfully.
C:\Program Files\Common Files\svhost.exe moved successfully.
========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinService deleted successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files\Vuze_Remote\tbVuze.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\tbVuze.dll not found.
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\csrs deleted successfully.
File C:\ProgramData\csrs.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svhost deleted successfully.
File C:\Program Files\Common Files\svhost.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winloqon deleted successfully.
File C:\ProgramData\winloqon.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Raptr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09245eec-14de-11e0-902e-001a4d274e7c}\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found.
File L:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found.
File L:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f921303f-35e4-11e0-85ea-001a4d274e7c}\ not found.
File L:\EXPLORER.EXE not found.
ADS C:\Users\MY\Desktop\ABS.avi:TOC.WMV deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MY
->Temp folder emptied: 447349513 bytes
->Temporary Internet Files folder emptied: 152942193 bytes
->Java cache emptied: 680043 bytes
->FireFox cache emptied: 45354695 bytes
->Google Chrome cache emptied: 32105704 bytes
->Flash cache emptied: 147191 bytes

User: Public

Total Flash Files Cleaned = 647.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166981529 bytes

Total Files Cleaned = 159.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 08312011_022846
[/log]

Guest
comment

Run one more small corrective script.

[php]:Files
C:\host
C:\Windows\System32\services.exe.exe[/php]

Once you have run this script, try to start Windows normally.

  • Good post 1
Mitgethar
comment

Unfortunately, the problem is the same: I have no desktop, and the same thing happens as at the beginning.

Guest
comment

Make new logs with OTLPE, setting everything as in the image [url="http://imageshack.us/photo/my-images/51/tl2p.png/"]http://imageshack.us/photo/my-images/51/tl2p.png/[/url];
the [b]Extra Registry[/b] option must be checked too. Do you have a Vista disc?

  • Good post 1
Mitgethar
comment (edited)

I have a Vista disc.

Logs:
[log]
OTL logfile created on: 8/31/2011 1:09:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 3.36 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto] -- -- (TunngleService)
SRV - File not found [On_Demand] -- -- (NBService)
SRV - [2011/08/15 09:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | System] -- -- (ISODrive)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/31 08:49:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/09/16 02:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\MY_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\MY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/27 08:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 14:09:31 | 000,000,000 | ---D | M]

[2010/12/30 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Extensions
[2011/08/25 10:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\extensions
[2011/08/30 02:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml
[2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml
[2011/08/03 15:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/03 15:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/09 13:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/02 10:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 01:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/27 05:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/03 04:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/27 08:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/24 06:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011/06/09 07:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/05/23 06:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 04:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010/01/01 04:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010/01/01 04:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010/01/01 04:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010/01/01 04:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\MY_ON_C\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [services.exe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\MY_ON_C..\Run: [AQQ] File not found
O4 - HKU\MY_ON_C..\Run: [SpybotSD TeaTimer] File not found
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = File not found
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/08/31 02:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6
[2011/08/30 04:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2011/08/30 04:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6
[2011/08/30 04:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6
[2011/08/30 03:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/30 03:52:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/27 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011/08/26 03:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011/08/25 16:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/25 16:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011/08/25 16:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/08/25 16:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011/08/25 16:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/08/25 16:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/08/25 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/08/25 10:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic
[2011/08/23 16:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy
[2011/08/16 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011/08/16 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield
[2011/08/09 19:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/09 19:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/09 19:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/09 19:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/09 19:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/09 19:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/09 19:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/09 19:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/09 19:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/09 19:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/07 13:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh
[2011/08/03 15:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares
[2011/08/03 15:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/03 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/08/31 00:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/31 00:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/31 00:49:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/08/31 00:49:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 00:49:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 00:49:05 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 00:48:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/31 00:48:55 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 07:50:03 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 05:37:25 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011/08/30 05:37:25 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 05:37:25 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011/08/30 05:37:25 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 05:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 05:03:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
[2011/08/30 05:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini
[2011/08/25 16:50:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/08/23 16:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011/08/16 15:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011/08/16 15:25:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011/08/08 04:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/08 04:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011/08/03 15:30:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/08/03 15:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/03 15:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/08/31 00:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 04:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini
[2011/08/25 16:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/25 16:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/25 16:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/08/25 16:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/08/25 16:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/23 16:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011/08/16 15:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011/08/03 15:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/23 07:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3
[2011/07/19 15:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1
[2011/07/19 08:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0
[2011/07/19 08:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2
[2011/04/25 05:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 05:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/13 15:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll
[2011/04/13 15:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll
[2011/04/13 15:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/27 06:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2011/01/23 09:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/01/23 05:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/22 04:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/22 04:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/12 18:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/01/09 16:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/01/05 10:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/04 03:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/01/01 11:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/01 10:53:50 | 000,000,085 | ---- | C] () -- C:\Users\MY\AppData\default.pls
[2010/12/31 13:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll
[2010/12/31 09:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat
[2010/12/31 07:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 05:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe
[2010/02/04 11:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe
[2010/02/04 05:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe
[2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/02/28 19:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006/12/05 01:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006/12/05 01:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006/12/05 01:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006/12/05 01:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\app
[2011/08/25 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Azureus
[2011/01/01 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\DAEMON Tools Lite
[2011/07/21 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus 2
[2011/07/19 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/23 07:45:59 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/07/19 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/08/30 04:53:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\EurekaLog
[2011/05/23 06:17:32 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GameRanger
[2011/02/05 08:24:12 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\GanymedeNet
[2011/03/05 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\gtk-2.0
[2011/07/31 10:59:17 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Image Zone Express
[2011/03/04 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\ImgBurn
[2011/03/19 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Leadertech
[2011/03/18 11:10:22 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\LolClient
[2011/01/14 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\MahJong Suite
[2011/01/09 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\OpenOffice.org
[2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PlayerPlug
[2011/01/04 15:56:37 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Printer Info Cache
[2011/02/10 12:05:34 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\PropMgrAsync
[2011/02/12 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Raptr
[2011/07/19 08:39:14 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/01/02 08:48:07 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Sports Interactive
[2011/03/14 06:02:57 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\sqlitestudio
[2011/06/17 05:06:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tibia
[2011/01/12 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\Tunngle
[2011/03/31 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\MY\AppData\Roaming\VDownloader
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/31 08:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dane aplikacji
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumenty
[2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/05/07 13:23:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Start
[2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/03/20 16:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2011/03/18 10:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2011/01/23 09:56:05 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Pulpit
[2011/01/02 08:48:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/27 01:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Szablony
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/14 15:19:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TreeCardGames
[2011/01/12 15:36:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/12/30 18:25:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\Ulubione
[2010/12/31 06:01:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/08/31 00:49:46 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

[/log]


[log]OTL Extras logfile created on: 8/31/2011 1:09:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 3.36 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 66.54 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 39.56 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AQQ" = WapSter AQQ
"BabylonToolbar" = Babylon toolbar
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BicTrainer pod 7.6" = BicTrainer pod 7.6
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner" = Driver Cleaner 3
"Eurobattle.net1.24b" = Eurobattle.net
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"MahJong Suite_is1" = MahJong Suite 2009 v6.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl)
"Mpa Bot pod 7.6" = Mpa Bot pod 7.6
"SopCast" = SopCast 3.3.2
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia 7.6
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Tunngle beta_is1" = Tunngle beta
"UltraISO_is1" = UltraISO Premium V9.36
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\MY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa

< End of report >

[/log]

Guest
comment

A small cosmetic fix, which probably won't have any effect.

Run the following script in OTL:

[php]:OTL
O20 - HKLM Winlogon: Shell - (C:\RECYCLER\services.exe) - C:\RECYCLER\services.exe ()[/php]

  • Good post 1
Mitgethar
comment

Fix log:
[log]========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\services.exe deleted successfully.
C:\RECYCLER\services.exe moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 08312011_140416

[/log]

Guest
comment

I've sent you a PM explaining what to do. If you have a Vista disc, boot the computer from it and run a system repair.

  • Good post 1
Mitgethar
comment

The computer is working, everything runs nicely.
To be sure, I'll paste the logs from after the system recovery here:

OTL:

[log]OTL logfile created on: 2011-08-31 11:56:29 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,32% Memory free
4,25 Gb Paging File | 2,99 Gb Available in Paging File | 70,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,80 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\Programy\OTL(2).exe
PRC - [2011-08-27 14:42:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-08-09 20:55:50 | 009,118,208 | ---- | M] (Creative Team S.A.) -- D:\Programy\WapSter AQQ\AQQ.exe
PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe
PRC - [2010-11-07 11:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-08-27 14:42:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-07-18 12:02:10 | 000,577,536 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\SMS.dll
MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet1.dll
MOD - [2011-07-14 13:27:48 | 000,890,880 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\GGNet.dll
MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010-08-25 11:41:20 | 000,304,640 | ---- | M] () -- D:\Programy\WapSter AQQ\System\Shared\Plugins\Contact.dll
MOD - [2009-06-19 23:47:52 | 000,293,888 | ---- | M] () -- C:\Users\MY\WapSter\AQQ Folder\Profiles\Maciek\Plugins\SpellChecker.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-27 14:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M]

[2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions
[2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions
[2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-08-27 14:42:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [services.exe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKCU..\Run: [Raptr] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-08-31 08:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6
[2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6
[2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6
[2011-08-30 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6
[2011-08-30 09:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-08-30 09:52:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011-08-26 09:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-08-25 22:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-08-25 22:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic
[2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy
[2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield
[2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-08-10 01:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-10 01:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh
[2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares
[2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-08-31 14:51:29 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-31 14:42:56 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-31 14:42:54 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-31 14:42:54 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-31 14:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-31 14:42:46 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-31 14:41:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011-08-31 14:33:05 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-08-31 14:33:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-31 14:33:05 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-08-31 14:33:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-31 06:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011-08-31 06:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011-08-30 11:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-30 11:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini
[2011-08-29 10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel
[2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-08-31 06:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011-08-30 10:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini
[2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel
[2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-08-25 22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3
[2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1
[2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0
[2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2
[2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-25 11:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll
[2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll
[2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2011-01-23 15:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll
[2010-12-31 15:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat
[2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe
[2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe
[2010-02-04 11:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe
[2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

[/log]
Extras

[log]OTL Extras logfile created on: 2011-08-31 12:03:43 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 26,79% Memory free
4,25 Gb Paging File | 2,66 Gb Available in Paging File | 62,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,79 Gb Free Space | 9,94% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher |
"{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher |
"{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | dir=in | app=d:\gry\game\league of legends.exe |
"{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe |
"{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system |
"{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe |
"{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe |
"{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe |
"{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe |
"{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe |
"TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe |
"TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe |
"UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |
"UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe |
"UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AQQ" = WapSter AQQ
"BabylonToolbar" = Babylon toolbar
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BicTrainer pod 7.6" = BicTrainer pod 7.6
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner" = Driver Cleaner 3
"Eurobattle.net1.24b" = Eurobattle.net
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"MahJong Suite_is1" = MahJong Suite 2009 v6.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl)
"Mpa Bot pod 7.6" = Mpa Bot pod 7.6
"SopCast" = SopCast 3.3.2
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia 7.6
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Tunngle beta_is1" = Tunngle beta
"UltraISO_is1" = UltraISO Premium V9.36
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:54 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.0.3091, sygnatura
czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator
procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f.

Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff
Godzina
zakończenia: 18

Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura
czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura
czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator
procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56.

[ System Events ]
Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-30 17:16:51 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-31 08:27:12 | Computer Name = MY-PC | Source = sptd | ID = 262148
Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error - 2011-08-31 08:28:21 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-31 08:30:15 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =


< End of report >

[/log]

Log:

[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by MY at 2011-08-31 12:00:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (10%) free of 70 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:32, on 2011-08-31
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Programy\WapSter AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\MY\Desktop\Programy\OTL(2).exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MY\Desktop\Programy\RSIT.exe
C:\Program Files\trend micro\MY.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [services.exe] C:\Windows\system32\services.exe.exe
O4 - HKCU\..\Run: [AQQ] D:\Programy\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: GameRanger.lnk = C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Programy\Tunngle\TnglCtrl.exe

--
End of file - 8018 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "google.com"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2, cssreloader@kenneth.io:1.0.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0]
"Description"=npganymedenet
"Path"=C:\Program Files\Ganymede\Plugins\npganymedenet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npganymedenet.dll
npganymedenet.xpt
nppdf32.dll
npvsharetvplg.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
babylon.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\
search.xml
startsear.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-06-01 177712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-09-03 9726568]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"services.exe"=C:\Windows\system32\services.exe [2009-04-11 279552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AQQ"=D:\Programy\WAPSTE~1\AQQ.exe [2011-08-09 9118208]
"SpybotSD TeaTimer"=D:\Programy\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe --startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe [2011-04-08 235168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GameRanger.lnk - C:\Users\MY\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
OpenOffice.org 3.2.lnk - D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.iv41"=Ir41_32.ax
"vidc.iv50"=Ir50_32.dll

======List of files/folders created in the last 1 month======

2011-08-31 19:12:56 ----A---- C:\Extras.Txt
2011-08-31 08:28:46 ----D---- C:\_OTL
2011-08-31 06:48:55 ----ASH---- C:\hiberfil.sys
2011-08-31 06:43:20 ----A---- C:\OTL.Txt
2011-08-30 21:26:26 ----A---- C:\Windows\ntbtlog.txt
2011-08-30 10:57:03 ----A---- C:\Windows\system32\tcfg.ini
2011-08-30 10:57:01 ----D---- C:\Program Files\BicTrainer 7.6
2011-08-30 10:56:17 ----D---- C:\RECYCLER
2011-08-30 10:56:16 ----D---- C:\Program Files\Mpa bot 7.6
2011-08-30 09:52:45 ----D---- C:\Program Files\trend micro
2011-08-30 09:52:44 ----D---- C:\rsit
2011-08-27 20:09:31 ----D---- C:\Program Files\vShare.tv plugin
2011-08-26 09:21:45 ----D---- C:\Data
2011-08-25 22:50:15 ----A---- C:\Windows\system32\yv12vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidvfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\xvidcore.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\vp7vfw.dll
2011-08-25 22:50:15 ----A---- C:\Windows\system32\lagarith.dll
2011-08-25 22:50:15 ----A---- C:\Windows\avisplitter.ini
2011-08-25 22:50:14 ----A---- C:\Windows\system32\ff_vfw.dll
2011-08-25 22:50:12 ----D---- C:\Program Files\K-Lite Codec Pack
2011-08-25 16:25:05 ----D---- C:\Users\MY\AppData\Roaming\Media Player Classic
2011-08-23 22:30:04 ----A---- C:\Windows\system32\tzres.dll
2011-08-16 21:24:51 ----D---- C:\Users\MY\AppData\Roaming\InstallShield
2011-08-10 01:14:35 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 01:14:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 01:14:32 ----A---- C:\Windows\system32\wininet.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\urlmon.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\url.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\mshtml.dll
2011-08-10 01:14:32 ----A---- C:\Windows\system32\iertutil.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\mstime.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\iepeers.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieframe.dll
2011-08-10 01:14:31 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-10 01:14:23 ----A---- C:\Windows\system32\xmllite.dll
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-10 01:14:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-10 01:14:16 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-08-31 14:43:15 ----D---- C:\Windows\system32\Tasks
2011-08-31 14:33:05 ----D---- C:\Windows\System32
2011-08-31 14:33:05 ----D---- C:\Windows\inf
2011-08-31 14:33:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-31 14:28:23 ----D---- C:\Windows\Tasks
2011-08-31 12:00:32 ----D---- C:\Windows\Temp
2011-08-31 12:00:25 ----D---- C:\Windows\Prefetch
2011-08-31 08:28:48 ----D---- C:\Program Files\Vuze_Remote
2011-08-31 08:28:46 ----HD---- C:\ProgramData
2011-08-31 08:28:46 ----D---- C:\Program Files\Common Files
2011-08-30 21:26:26 ----D---- C:\Windows
2011-08-30 10:57:01 ----RD---- C:\Program Files
2011-08-30 10:53:37 ----D---- C:\Users\MY\AppData\Roaming\EurekaLog
2011-08-30 08:18:28 ----SHD---- C:\System Volume Information
2011-08-27 14:42:28 ----D---- C:\Program Files\Mozilla Firefox
2011-08-27 00:02:30 ----SHD---- C:\$Recycle.Bin
2011-08-26 00:33:13 ----D---- C:\Users\MY\AppData\Roaming\Azureus
2011-08-25 16:21:40 ----D---- C:\Windows\system32\catroot2
2011-08-24 09:40:04 ----D---- C:\Windows\rescache
2011-08-24 09:28:33 ----D---- C:\Windows\winsxs
2011-08-24 09:28:32 ----D---- C:\Windows\system32\pl-PL
2011-08-23 22:27:20 ----D---- C:\Windows\system32\catroot
2011-08-21 23:09:19 ----D---- C:\Users\MY\AppData\Roaming\Skype
2011-08-16 21:30:18 ----RSD---- C:\Windows\assembly
2011-08-16 21:25:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-10 22:19:35 ----D---- C:\Windows\Microsoft.NET
2011-08-10 15:59:59 ----D---- C:\Windows\system32\drivers
2011-08-10 15:59:58 ----D---- C:\Program Files\Windows Mail
2011-08-10 13:57:36 ----A---- C:\Windows\system32\mrt.exe
2011-08-10 13:57:19 ----SHD---- C:\Windows\Installer
2011-08-10 13:57:18 ----HD---- C:\Config.Msi
2011-08-03 21:05:33 ----RD---- C:\Program Files\Skype
2011-08-03 21:05:16 ----D---- C:\ProgramData\Skype
2011-08-03 21:04:28 ----D---- C:\Users\MY\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-31 691696]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Programy\UltraISO\drivers\ISODrive.sys [2010-01-29 82320]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-09-03 3185640]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 argu8fop;argu8fop; C:\Windows\system32\drivers\argu8fop.sys []
S3 Dot4;Sterownik MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Sterownik klasy drukowania dla IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-08-15 2151640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 TunngleService;TunngleService; D:\Programy\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[/log]

Info:

[log]info.txt logfile of random's system information tool 1.09 2011-08-31 12:00:33

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Programy\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->"C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Archiwizator WinRAR-->D:\Programy\WinaRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Babylon toolbar-->"C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe"
Bejeweled 2 Deluxe 1.0-->D:\Gry\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "D:\Gry\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BicTrainer pod 7.6-->C:\Program Files\BicTrainer 7.6\uninstall.exe
Cheat Engine 6.0-->"C:\Program Files\Cheat Engine 6\unins000.exe"
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Crysis® 2 Demo-->MsiExec.exe /X{1BF4CB15-6055-452A-8487-021AE2D91208}
CS16 Full v32.1 Non-Steam-->D:\Gry\CS\Uninstal.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Driver Cleaner 3-->C:\Program Files\Driver Cleaner\Uninst.exe
Eurobattle.net-->"C:\Windows\Eurobattle.net\uninstall.exe" "/U:D:\Gry\Warcraft III\Uninstall\uninstall.xml"
FIFA 11-->MsiExec.exe /X{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}
FlatOut2-->C:\Program Files\InstallShield Installation Information\{4EB106F5-110F-4E96-BCBA-1687AE57A04E}\setup.exe -runfromtemp -l0x0015 -removeonly
Football Manager 2011 Russian-->"D:\Gry\FM11\Uninstall_Football Manager 2011 Russian\Uninstall Football Manager 2011 Russian.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
GIMP 2.6.10-->"D:\Programy\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.218\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn-->"D:\Programy\ImgBurn\uninstall.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
K-Lite Codec Pack 7.6.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->"C:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x040c -removeonly
LOST PLANET COLONIES-->MsiExec.exe /X{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}
MahJong Suite 2009 v6.1-->"D:\Gry\MahJong Suite\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 6.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpa Bot pod 7.6-->E:\Gry\Tibia\Mpa Bot pod 7.6\uninstall.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /I{C1E544E5-EF3C-4103-A57B-3A499FD91045}
NSIS Example2-->"D:\Gry\Tibia Auto\uninstall.exe"
NVIDIA Sterownik graficzny 266.58-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9}
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
SopCast 3.3.2-->D:\Programy\SopCast\uninst.exe
Spybot - Search & Destroy-->"D:\Programy\Spybot - Search & Destroy\unins000.exe"
SweetIM for Messenger 3.3-->MsiExec.exe /X{1D301950-EA2F-4882-9AA0-49467756842A}
SweetIM Toolbar for Internet Explorer 3.9-->MsiExec.exe /X{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
System Requirements Lab CYRI-->MsiExec.exe /I{1F77C418-2C90-459C-BD33-B56A4182B9FA}
Tibia 7.6-->E:\Gry\Tibia\unins000.exe
Total Video Converter 3.11 070908-->"D:\Programy\Total Video Converter\unins000.exe"
Tunngle beta-->"D:\Programy\Tunngle\unins000.exe"
UltraISO Premium V9.36-->"D:\Programy\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VDownloader 3.0.733-->"D:\Programy\VDownloader\unins000.exe"
Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe
Vuze Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNWISE.EXE /U C:\PROGRA~1\VUZE_R~1\INSTALL.LOG
Vuze-->C:\Program Files\Vuze\uninstall.exe
WapSter AQQ-->D:\Programy\WapSter AQQ\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"D:\Programy\Winamp\UninstWA.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
WinPcap 4.1.1-->"C:\Program Files\WinPcap\uninstall.exe"

======Security center information======

AV: Lavasoft Ad-Watch Live! Anti-Virus (disabled)
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender

======System event log======

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1373_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed).
Record Number: 81486
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210251.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1372_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed).
Record Number: 81485
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210251.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1371_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed).
Record Number: 81484
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210251.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1370_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed).
Record Number: 81483
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210251.000000-000
Event Type: Informacje
User: MY-PC\MY

Computer Name: MY-PC
Event Code: 4386
Message: Obsługa systemu Windows zażądała ponownego uruchomienia w celu ukończenia zmieniania stanu aktualizacji 967723-1369_neutral_PACKAGE z pakietu KB967723(Security Update) na Zainstalowany(Installed).
Record Number: 81482
Source Name: Microsoft-Windows-Servicing
Time Written: 20110323210251.000000-000
Event Type: Informacje
User: MY-PC\MY

=====Application event log=====

Computer Name: 26L2233B2-11
Event Code: 1003
Message: Usługa Windows Search została uruchomiona.

Record Number: 5
Source Name: Microsoft-Windows-Search
Time Written: 20101230221730.000000-000
Event Type: Informacje
User:

Computer Name: 26L2233B2-11
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20101230221729.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101230221725.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 900
Message: Usługa licencjonowania oprogramowania jest uruchamiana.

Record Number: 2
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20101230221724.000000-000
Event Type: Informacje
User:

Computer Name: LH-NV83FKO2OB9R
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101230221724.000000-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Security event log=====

Computer Name: MY-PC
Event Code: 5032
Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci.

Kod błędu: 2
Record Number: 2913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110112075359.980504-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: MY-PC
Event Code: 5032
Message: Zapora systemu Windows nie może powiadomić użytkownika, że zablokowała aplikacji możliwość akceptowania połączeń przychodzących z sieci.

Kod błędu: 2
Record Number: 2912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110112075356.844904-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: MY-PC
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 3

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-7
Nazwa konta: LOGOWANIE ANONIMOWE
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x27cab
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x0
Nazwa procesu: -

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: NtLmSsp
Pakiet uwierzytelniania: NTLM
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): NTLM V1
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 2911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110112075351.111504-000
Event Type: Sukces inspekcji
User:

Computer Name: MY-PC
Event Code: 5024
Message: Usługa Zapora systemu Windows została pomyślnie uruchomiona.
Record Number: 2910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110112075351.016504-000
Event Type: Sukces inspekcji
User:

Computer Name: MY-PC
Event Code: 5033
Message: Sterownik Zapory systemu Windows został pomyślnie uruchomiony.
Record Number: 2909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110112075350.672504-000
Event Type: Sukces inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

[/log]

Guest
comment

We are not finished yet.
Download Ad-remover; the link to the program is in my first post in this thread. Run it and perform a scan. Post the log from [b]Ad-remover[/b] for review.

  • Good post 1
Mitgethar
comment

Log from Ad-remover:
[log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 20:57:04 on 31/08/2011, Normal boot

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
MY@MY-PC (PC-FACTORY GA-945GZM-S2)

============== SEARCH ==============


File found: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Folder found: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\conduit
Folder found: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\ConduitEngine
Folder found: C:\Program Files\Ask.com
Folder found: C:\Users\MY\AppData\LocalLow\AskToolbar
Folder found: C:\Users\MY\AppData\LocalLow\Conduit
Folder found: C:\Program Files\Conduit
Folder found: C:\Users\MY\AppData\LocalLow\ConduitEngine
Folder found: C:\Program Files\ConduitEngine
Folder found: C:\ProgramData\PopCap Games
Folder found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
Folder found: C:\Users\MY\AppData\LocalLow\Toolbar4
File found: C:\Users\MY\Downloads\vshare-plugin.exe
File found: C:\Users\MY\Downloads\iMeshV10.exe

Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key found: HKLM\Software\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key found: HKLM\Software\Classes\CLSID\{85253941-74E7-4CA1-92BB-694F5D3A4DE4}
Key found: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key found: HKLM\Software\Classes\CLSID\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC}
Key found: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key found: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key found: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key found: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key found: HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key found: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key found: HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key found: HKLM\Software\Classes\Toolbar.CT2504091
Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\conduitEngine
Key found: HKLM\Software\PopCap
Key found: HKLM\Software\Trymedia Systems
Key found: HKCU\Software\Ask.com
Key found: HKCU\Software\Conduit
Key found: HKCU\Software\PopCap
Key found: HKCU\Software\AppDataLow\AskToolbarInfo
Key found: HKCU\Software\AppDataLow\Toolbar
Key found: HKCU\Software\AppDataLow\Software\AskToolbar
Key found: HKCU\Software\AppDataLow\Software\Conduit
Key found: HKCU\Software\AppDataLow\Software\conduitEngine
Key found: HKLM\Software\Cheat Engine\OpenCandy
Key found: HKLM\Software\VDownloader\OpenCandy
Key found: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899}
Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key found: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0.1 (pl)] ****

Plugins\npganymedenet.dll ( )
Plugins\npvsharetvplg.dll (vShare.tv )
Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x)
HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&amp;sourceid=Mozilla-search)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&amp;q={searchTerms}&amp;mntrId=709060d900000000000000ffe2bf8d0f&amp;tlver=1.4.19.19&amp;affID=18606/)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&amp;fraza={searchTerms}&amp;skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&amp;r=T&amp;szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype extension )

-- C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default --
Searchplugins\search.xml (?)
Searchplugins\startsear.xml (?)
Prefs.js - browser.search.selectedEngine,
Prefs.js - browser.startup.homepage, google.com
Prefs.js - browser.startup.homepage_override.mstone, false
Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=

========================================

**** Internet Explorer Version [7.0.6002.18005] ****

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://vshare.toolbarhome.com/?hp=df
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://startsear.ch/?aff=1
AboutUrls|Tabs - hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=709060d900000000000000ffe2bf8d0f&tlver=1.4.19.19&affID=18606
HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} (x)
HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKLM_SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} - "Web Search" (hxxp://startsear.ch/?aff=1&q={searchTerms})
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (C:\Program Files\vShare.tv plugin\BarLcher.dll)
HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x)
HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (C:\Program Files\vShare.tv plugin\BarLcher.dll)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{11AF66E1-6BDE-4AA0-A061-65188608936B} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PlayerPlug.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\TbHelper2.exe (x)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{6CF0FDB5-3F57-46B4-8891-138DF970A9D6} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\{973F1DA1-9BE8-49C1-A68D-EAA0D9847898} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PropMgrAsync.exe (x)
HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
HKLM_ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll)
BHO\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - "IE5BarLauncherBHO Class" (C:\Program Files\vShare.tv plugin\BarLcher.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} (?)
BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Sopcast Ask Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll) (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 0 File(s)

C:\Ad-Report-SCAN[1].txt - 31/08/2011 20:57:09 (13063 Byte(s))

End at: 20:57:46, 31/08/2011

============== E.O.F ==============

[/log]

Guest
comment

Run [b]Ad-remover[/b] and click the [b]Clean[/b] option; this will remove the junk toolbars.
Uninstall RSIT.
Post new OTL logs. We will slowly move on to the final steps.

Mitgethar
comment

Log from the Ad-remover clean:
[log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 21:23:15 on 31/08/2011, Normal boot

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
MY@MY-PC (PC-FACTORY GA-945GZM-S2)

============== ACTION(S) ==============


File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Folder deleted: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\conduit
Folder deleted: C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default\ConduitEngine
Folder deleted: C:\Program Files\Ask.com
Folder deleted: C:\Users\MY\AppData\LocalLow\AskToolbar
Folder deleted: C:\Users\MY\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Users\MY\AppData\LocalLow\ConduitEngine
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\ProgramData\PopCap Games
Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
Folder deleted: C:\Users\MY\AppData\LocalLow\Toolbar4
File deleted: C:\Users\MY\Downloads\vshare-plugin.exe
File deleted: C:\Users\MY\Downloads\iMeshV10.exe

(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key deleted: HKLM\Software\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key deleted: HKLM\Software\Classes\CLSID\{85253941-74E7-4CA1-92BB-694F5D3A4DE4}
Key deleted: HKLM\Software\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key deleted: HKLM\Software\Classes\CLSID\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9B8FE581-6E98-4D3D-BC6F-BAE7A56FBAAC}
Key deleted: HKLM\Software\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key deleted: HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key deleted: HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key deleted: HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key deleted: HKLM\Software\Classes\Toolbar.CT2504091
Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKLM\Software\PopCap
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\Ask.com
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\PopCap
Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine
Key deleted: HKLM\Software\Cheat Engine\OpenCandy
Key deleted: HKLM\Software\VDownloader\OpenCandy
Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C915E0-0FDF-4291-A4CD-A56AECE03120}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0.1 (pl)] ****

Plugins\npganymedenet.dll ( )
Plugins\npvsharetvplg.dll (vShare.tv )
Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0 (x)
HKLM_MozillaPlugins\@ngm.nexoneu.com/NxGame (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&amp;sourceid=Mozilla-search)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&amp;q={searchTerms}&amp;mntrId=709060d900000000000000ffe2bf8d0f&amp;tlver=1.4.19.19&amp;affID=18606/)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&amp;fraza={searchTerms}&amp;skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&amp;r=T&amp;szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype extension )

-- C:\Users\MY\AppData\Roaming\Mozilla\FireFox\Profiles\5y4ddyoc.default --
Searchplugins\search.xml (?)
Searchplugins\startsear.xml (?)
Prefs.js - browser.search.selectedEngine,
Prefs.js - browser.startup.homepage, google.com
Prefs.js - browser.startup.homepage_override.mstone, false
Prefs.js - keyword.URL, hxxp://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q=

========================================

**** Internet Explorer Version [7.0.6002.18005] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKLM_SearchScopes\{42168F92-DA71-42E6-BC7F-132EAC1F1899} - "Web Search" (hxxp://startsear.ch/?aff=1&q={searchTerms})
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x)
HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (x)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{11AF66E1-6BDE-4AA0-A061-65188608936B} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PlayerPlug.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\TbHelper2.exe (x)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{6CF0FDB5-3F57-46B4-8891-138DF970A9D6} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\{973F1DA1-9BE8-49C1-A68D-EAA0D9847898} - C:\Program Files\VXdownloader 0.9\mybarnskF230.tmp\PropMgrAsync.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 117 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 31/08/2011 21:23:23 (12226 Byte(s))
C:\Ad-Report-SCAN[1].txt - 31/08/2011 20:57:09 (13202 Byte(s))

End at: 21:25:11, 31/08/2011

============== E.O.F ==============

[/log]

OTL logs:
[log]OTL logfile created on: 2011-08-31 21:40:29 - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,69% Memory free
4,24 Gb Paging File | 2,99 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,45 Gb Free Space | 9,43% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-08-31 13:51:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-30 09:42:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MY\Desktop\Programy\OTL(2).exe
PRC - [2011-08-15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-01-07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- D:\Programy\Tunngle\TnglCtrl.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-01-26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-01-19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-08-31 13:51:58 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-04-08 11:37:01 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-08-15 15:49:44 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-11-22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Programy\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006-11-10 20:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Programy\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-01-08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-12-31 14:49:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Programy\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009-09-16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006-11-02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-31 13:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-27 20:09:31 | 000,000,000 | ---D | M]

[2010-12-31 00:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Extensions
[2011-08-25 16:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MY\AppData\Roaming\mozilla\Firefox\Profiles\5y4ddyoc.default\extensions
[2011-08-30 08:34:45 | 000,001,860 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\5y4ddyoc.default\searchplugins\startsear.xml
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-03 21:05:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-01-09 19:41:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-01-02 16:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-14 07:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-27 11:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-01-03 10:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-08-31 13:51:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011-06-09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-05-23 12:17:36 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [services.exe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AQQ] D:\Programy\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKCU..\Run: [Raptr] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = D:\Programy\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.126.164.1 194.126.164.5
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\MY\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-08-31 20:56:40 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Remover
[2011-08-31 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011-08-31 08:28:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BicTrainer pod 7.6
[2011-08-30 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\BicTrainer 7.6
[2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2011-08-30 10:56:17 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mpa Bot pod 7.6
[2011-08-30 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mpa bot 7.6
[2011-08-30 09:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-08-30 09:52:44 | 000,000,000 | ---D | C] -- C:\rsit
[2011-08-27 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\vShare.tv plugin
[2011-08-26 09:21:45 | 000,000,000 | ---D | C] -- C:\Data
[2011-08-25 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-08-25 22:50:15 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-08-25 22:50:15 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011-08-25 22:50:15 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-08-25 22:50:15 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-08-25 22:50:15 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-08-25 22:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-08-25 16:25:05 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\Media Player Classic
[2011-08-23 22:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-08-22 14:54:01 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\Krawol listy
[2011-08-16 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2011-08-16 21:24:51 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Roaming\InstallShield
[2011-08-10 01:14:35 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-10 01:14:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-10 01:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-10 01:14:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011-08-10 01:14:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-08-10 01:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-08-10 01:14:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-08-10 01:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-08-10 01:14:18 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-10 01:14:18 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-07 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\MY\Desktop\bhh
[2011-08-03 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\MY\AppData\Local\Ares
[2011-08-03 21:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011-08-03 21:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-08-31 21:27:14 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-31 21:27:13 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-31 21:27:09 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-31 21:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-31 21:26:59 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-31 21:25:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011-08-31 20:56:40 | 000,001,676 | ---- | M] () -- C:\Users\MY\Desktop\Ad-Remover.lnk
[2011-08-31 20:50:02 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-31 12:17:41 | 000,752,884 | ---- | M] () -- C:\Users\MY\Desktop\skanuj0001.jpg
[2011-08-31 12:15:43 | 000,671,902 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-08-31 12:15:42 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-31 12:15:42 | 000,130,310 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-08-31 12:15:42 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-31 06:49:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011-08-31 06:49:46 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011-08-30 11:03:51 | 000,169,472 | ---- | M] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-30 11:02:22 | 000,000,062 | ---- | M] () -- C:\Windows\System32\tcfg.ini
[2011-08-29 10:07:29 | 000,001,524 | ---- | M] () -- C:\Users\MY\.recently-used.xbel
[2011-08-23 22:04:39 | 000,000,703 | ---- | M] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-08 10:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-08 10:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2011-08-03 21:05:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-08-31 20:56:40 | 000,001,676 | ---- | C] () -- C:\Users\MY\Desktop\Ad-Remover.lnk
[2011-08-31 12:17:00 | 000,752,884 | ---- | C] () -- C:\Users\MY\Desktop\skanuj0001.jpg
[2011-08-31 06:48:55 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011-08-30 10:57:03 | 000,000,062 | ---- | C] () -- C:\Windows\System32\tcfg.ini
[2011-08-29 10:07:29 | 000,001,524 | ---- | C] () -- C:\Users\MY\.recently-used.xbel
[2011-08-25 22:50:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-08-25 22:50:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-08-25 22:50:15 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-08-25 22:50:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-08-25 22:50:14 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-08-23 22:04:39 | 000,000,703 | ---- | C] () -- C:\Users\MY\Desktop\Launcher — skrót.lnk
[2011-08-16 21:30:26 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut2.lnk
[2011-08-03 21:05:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-07-23 13:45:59 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_3
[2011-07-19 21:08:43 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_1
[2011-07-19 14:39:12 | 000,000,169 | ---- | C] () -- C:\Users\MY\AppData\Roaming\D2Info0
[2011-07-19 14:39:12 | 000,000,008 | ---- | C] () -- C:\Users\MY\AppData\Roaming\DofusAppId0_2
[2011-04-25 11:19:53 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-25 11:19:53 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-04-13 21:36:50 | 000,624,640 | ---- | C] () -- C:\Windows\System32\GD.dll
[2011-04-13 21:36:50 | 000,204,866 | ---- | C] () -- C:\Windows\System32\MuGuard.dll
[2011-04-13 21:36:50 | 000,200,800 | ---- | C] () -- C:\Windows\System32\AntiHack.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-27 12:03:31 | 001,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2011-01-23 15:57:27 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011-01-23 11:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-01-22 10:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-01-22 10:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-01-13 00:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011-01-09 22:56:55 | 000,045,676 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011-01-05 16:40:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-04 09:31:10 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011-01-01 17:07:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-12-31 19:22:43 | 001,867,776 | ---- | C] () -- C:\Windows\python24.dll
[2010-12-31 15:04:43 | 000,001,356 | ---- | C] () -- C:\Users\MY\AppData\Local\d3d9caps.dat
[2010-12-31 13:08:01 | 000,169,472 | ---- | C] () -- C:\Users\MY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-31 11:30:44 | 000,140,923 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\svhosted.exe
[2010-02-04 17:17:21 | 000,663,697 | ---- | C] () -- C:\Windows\integrationbots.exe
[2010-02-04 11:47:07 | 000,801,070 | ---- | C] () -- C:\Windows\integrationTibia.exe
[2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007-03-01 01:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:22:06 | 000,671,902 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:22:06 | 000,130,310 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,253,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

[/log]
[log]OTL Extras logfile created on: 2011-08-31 21:40:29 - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\MY\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,69% Memory free
4,24 Gb Paging File | 2,99 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,36 Gb Total Space | 6,45 Gb Free Space | 9,43% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,54 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 39,58 Gb Free Space | 81,06% Space Free | Partition Type: NTFS

Computer Name: MY-PC | User Name: MY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"C:\RECYCLER\services.exe" = C:\RECYCLER\services.exe:*:Enabled:services.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B65BC0-00F4-4263-BF70-B744EBFB36FF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{0AFABE52-60FF-464C-B7F0-66E45ED6E1FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D490FC0-7A2A-45C4-8145-5CE2A03F84C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22B1492D-1574-4745-A49E-F4990597EF2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E1E3E7F-3496-48D4-8186-DDF566F972DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{528A28E1-884E-4EA9-B313-C4C975F83DC7}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher |
"{7082485C-6C49-4DE8-8910-F14188D4CED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798FD9B5-DA6E-4317-89B6-8B78C782BB20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F9F0A0-C9D6-4A01-BD36-0288D3A06CF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B91528CE-5C0A-4321-A169-6A438C8C0374}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher |
"{BDFF1A7E-F6E0-4786-836B-1FD941E586BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEE23B04-5521-482E-9F97-3D1923F43BAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA0EBEE4-93E2-4B1A-8E60-1A603D10C877}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB1BF0-A324-4FB7-AD36-1F28692BCF83}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{184273BC-7DF6-4EF6-A39B-C54C69CE433F}" = protocol=6 | dir=in | app=d:\gry\game\league of legends.exe |
"{1B7EF622-F99A-4883-A36D-F456F3145C2C}" = protocol=6 | dir=in | app=d:\gry\air\lolclient.exe |
"{20B03959-7766-490F-8D14-B16A0CF1186E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2122688E-1A11-4BC9-9FA1-A41E0139B187}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{249E25AF-4D1B-41A6-A1DB-A9E72AF97F2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{347F7796-4361-4C06-A640-FE2253CB1F2A}" = protocol=6 | dir=out | app=system |
"{39F3A677-36D1-432D-A2D6-4B267734F020}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{42A839F8-922D-4D48-BA87-02B4D3976C6D}" = protocol=6 | dir=in | app=d:\gry\fm11\fm.exe |
"{49A14399-E9F8-48B0-AE4A-C6A68E964440}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BF209B7-EB6D-49DC-B976-93A43499AACB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{4DE277F2-A554-4ED0-A9B0-653E0B9C57C6}" = protocol=17 | dir=in | app=d:\gry\game\league of legends.exe |
"{52437D3C-A350-450E-BFD1-9844E6F355ED}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx9.exe |
"{52AED596-A3C8-4AE0-A3DA-235676A27208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{575CD844-832A-4F80-90C4-29605ABA1B8F}" = protocol=6 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"{578E4613-A868-40BE-8FF8-FF501492EF56}" = protocol=6 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{682600CB-A627-40CD-8B22-FB6A21E6EC02}" = protocol=17 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{6C8D3B95-6190-4BD8-9995-28CB2622B179}" = protocol=6 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{6DB3DF08-7C86-471F-8C84-5F19DDD1D011}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{6E3C64FE-824A-4D8D-83F8-C5800B4508F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{71BF7D49-787D-48B6-8D2F-81CEF1AAFC10}" = protocol=17 | dir=in | app=d:\programy\tunngle\tnglctrl.exe |
"{788BD431-D749-48C7-96C0-5BE35AC2927D}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{7F1D9278-6A72-47B1-A28F-A75C8CFD0C62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{85BA8355-170B-4C89-B65A-2EFA4D90D141}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{873198B5-B8C0-40F6-874B-CD40378E5BFD}" = protocol=17 | dir=in | app=d:\gry\air\lolclient.exe |
"{92B420BD-895B-4C48-BD87-9853AA432B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94654DB6-89BA-4DF4-9511-DB2AB2F9DC7F}" = protocol=17 | dir=in | app=d:\combat arms eu\nmservice.exe |
"{98B7C8AA-ABEC-4817-98E1-502A164BCB36}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{99C6F5A5-C37C-4855-B426-1E145953E1F5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{9D100997-F309-4505-A556-E041A052E632}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9E2E9C93-5EA4-4655-963A-77BC7AA59808}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F559D9D-1FA0-4F62-AA4E-A9DF3F84150C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{A4E69756-F2DB-4E9C-86C2-58A1B3EB82C7}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{A691649E-6E4B-4CCE-8606-8868D5B8B66F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7CCD88D-4690-4ADA-BC19-5FD9EA0299F7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7CE2599-ED1D-417A-81B1-1715CE20B1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9DDE11D-9D88-4870-BE54-DFCD9B842EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB4FD46-908A-4DB3-B25B-BB8B2EC8D86E}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{B610EA04-BCE9-45DB-BFFA-D92361F0D5C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B72E3999-E3F9-4675-83A3-75F817575C42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9247C03-2064-4B6B-8158-12C447CEE392}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B96B7F98-6B42-44A3-8206-78C77DBE1F00}" = protocol=6 | dir=in | app=d:\programy\tunngle\tunngle.exe |
"{C4C2B978-2F58-4692-BC91-A92E53C3B51D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CCEBD2A0-953B-4100-BB0C-55E3741003EE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E6D1E473-B8B7-434E-AB49-4F6FA81920A8}" = protocol=17 | dir=in | app=d:\gry\fm11\fm.exe |
"{FE4DF438-B64D-4C65-B929-C9CBEFD0A64C}" = protocol=17 | dir=in | app=d:\gry\lost planet colonies\lostplanetcoloniesdx10.exe |
"TCP Query User{26A71D23-BDCB-439C-8BE0-93B5260D3703}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{2FAB8935-A967-42CA-9AFA-CF27FBE44724}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{31C7DCA1-7DB7-4577-BE1E-62E6ADDCFA76}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"TCP Query User{36151AE1-5BEC-4301-91BB-164E0087C763}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{36C54D94-4EE5-44D9-880D-D29BFD3E2815}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"TCP Query User{4CDB9903-BBE9-43C8-8029-836C5CFF5A34}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{5350DEE7-7BCE-4B07-A023-A07067CAD761}D:\gry\fifa\game\fifa.exe" = protocol=6 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"TCP Query User{5512F3BD-31C5-4C82-B984-855FFA5846AD}D:\programy\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"TCP Query User{67F39765-3876-4E99-BDBD-10E719D32D67}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{716169AD-5F4A-44AA-9D46-4EF281BFE0D4}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{72B8AF06-E28B-4EAD-957E-412F4E7BD479}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{76D02072-6736-43BE-B42F-216D76EA2367}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{8D54536C-9C7B-4250-A18B-15FB06E5EC4B}D:\gry\flatout\flatout2.exe" = protocol=6 | dir=in | app=d:\gry\flatout\flatout2.exe |
"TCP Query User{A060C345-2F04-4B83-8DA6-D52DF334FA35}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"TCP Query User{A3A1FC9A-E552-48AC-B228-E7FEA33446C8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A7D15519-E0B5-4B7E-B42A-5A9E85227784}D:\gry\lol.launcher.exe" = protocol=6 | dir=in | app=d:\gry\lol.launcher.exe |
"TCP Query User{C8D008A7-0D6E-4664-A4C5-9F86888FC5BC}D:\gry\cs\hl.exe" = protocol=6 | dir=in | app=d:\gry\cs\hl.exe |
"TCP Query User{E95077E1-B6F6-4E8C-8FBA-F7B6B053FE41}D:\programy\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programy\winamp\winamp.exe |
"TCP Query User{EAB15B8C-FB1E-4625-B2CE-F5332129D61C}D:\gry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"TCP Query User{EC2F1DF8-977A-48E8-A068-7F9CC92AB995}D:\programy\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"TCP Query User{F020C57A-F7B1-4749-B4EF-EC4B257A146F}D:\programy\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"TCP Query User{F132E7AF-CDD3-4377-892A-FE8921AD4BE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{072DBEF1-9A00-4CA2-A52B-1C6969FD7DDC}C:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\my\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{0EE07B56-89E8-4709-81FF-8E5472FB77E2}D:\gry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\gry\warcraft iii\war3.exe |
"UDP Query User{1977B2C5-8C1B-4B0F-9F3F-7521526E306B}D:\gry\lol.launcher.exe" = protocol=17 | dir=in | app=d:\gry\lol.launcher.exe |
"UDP Query User{2F4F7581-1075-445D-B851-06F54DB1CC64}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{38D986F1-4030-4049-BDFB-4036302EF54E}C:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v3 - 8.54\theforgottenserver.exe |
"UDP Query User{3B8CDA2B-14D5-4D5E-8F41-B171B1150E72}D:\gry\fifa\game\fifa.exe" = protocol=17 | dir=in | app=d:\gry\fifa\game\fifa.exe |
"UDP Query User{43084BAC-01BF-46B9-AEFA-BA68FB1FAB0A}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{4D0C0379-582C-4589-BBF0-CBDC71868A80}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{5F12F8AE-F69A-4641-90F5-7EC530244721}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{6A9AF049-1E5D-4119-AAD9-D5853EDF8C30}D:\programy\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=d:\programy\wapster aqq\aqq.exe |
"UDP Query User{6AC7BA6F-2375-4D78-950A-76CD7CA8FFD7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{85F65B0B-A89C-4467-ABED-2C93758702FA}D:\programy\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\adv\sopadver.exe |
"UDP Query User{9003E4CA-5BA6-4B56-B691-1D7CFA7D4238}D:\programy\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programy\sopcast\sopcast.exe |
"UDP Query User{90284BB2-C979-47D1-B08F-0BAA8063C683}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{9A1A0F48-91FD-4308-A94D-56489E33C990}D:\gry\cs\hl.exe" = protocol=17 | dir=in | app=d:\gry\cs\hl.exe |
"UDP Query User{A0CA228B-CF74-442A-B80C-BD96AC031EA2}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{A0CE6AC7-C790-4DAC-A842-7D5E15C2F896}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |
"UDP Query User{A563374B-6754-4F4C-8626-E3E83DAFD14E}C:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\my\documents\m\pokeserver v4.1 - 8.54 (edited familia)\theforgottenserver.exe |
"UDP Query User{A6C83577-85A8-4E3B-A880-090963250171}D:\gry\flatout\flatout2.exe" = protocol=17 | dir=in | app=d:\gry\flatout\flatout2.exe |
"UDP Query User{BB00ABA1-880C-4333-B640-01540E41133B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{C0E93629-D42C-47E0-9A48-C6EACF542D15}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"UDP Query User{E8485902-A2D6-4EBD-9644-6F03AE8F6225}D:\programy\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programy\winamp\winamp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EB106F5-110F-4E96-BCBA-1687AE57A04E}" = FlatOut2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.733
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E544E5-EF3C-4103-A57B-3A499FD91045}" = Nero 7 Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AQQ" = WapSter AQQ
"BabylonToolbar" = Babylon toolbar
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BicTrainer pod 7.6" = BicTrainer pod 7.6
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Combat Arms EU" = Combat Arms EU
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Driver Cleaner" = Driver Cleaner 3
"Eurobattle.net1.24b" = Eurobattle.net
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"MahJong Suite_is1" = MahJong Suite 2009 v6.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.1 (x86 pl)" = Mozilla Firefox 6.0.1 (x86 pl)
"Mpa Bot pod 7.6" = Mpa Bot pod 7.6
"SopCast" = SopCast 3.3.2
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia 7.6
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Tunngle beta_is1" = Tunngle beta
"UltraISO_is1" = UltraISO Premium V9.36
"Veetle TV" = Veetle TV 0.9.18
"vShare.tv plugin" = vShare.tv plugin 1.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ad-Remover" = Ad-Remover
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: wszystkie elementy
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 15:15:56 | Computer Name = MY-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2011-08-25 16:44:58 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.0.3091, sygnatura
czasowa 0x4d00b3a0, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x07f2b5ed, identyfikator
procesu 0x778, godzina rozpoczęcia aplikacji 0x01cc6367c9e5849f.

Error - 2011-08-25 16:46:08 | Computer Name = MY-PC | Source = Application Hang | ID = 1002
Description = Program winamp.exe w wersji 5.6.0.3091 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami
i rozwiązaniami problemów. Identyfikator procesu: 960 Godzina rozpoczęcia: 01cc6367e8aa68ff
Godzina
zakończenia: 18

Error - 2011-08-28 15:14:38 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

Error - 2011-08-29 16:11:46 | Computer Name = MY-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6002.18005, sygnatura
czasowa 0x49e01e78, moduł powodujący błąd mshtml.dll, wersja 7.0.6002.18494, sygnatura
czasowa 0x4e29a0d3, kod wyjątku 0xc0000005, przesunięcie błędu 0x000bb1cc, identyfikator
procesu 0xb20, godzina rozpoczęcia aplikacji 0x01cc6687d4352f56.

Error - 2011-08-31 08:27:52 | Computer Name = MY-PC | Source = Software Licensing Service | ID = 1001
Description = Uruchomienie usługi licencjonowania oprogramowania nie powiodło się.
hr=0x80070002, [2, 4]

Error - 2011-08-31 08:44:36 | Computer Name = MY-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-30 17:16:13 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-30 17:16:51 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-08-31 08:27:12 | Computer Name = MY-PC | Source = sptd | ID = 262148
Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error - 2011-08-31 08:28:21 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 2011-08-31 08:28:22 | Computer Name = MY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-08-31 08:30:15 | Computer Name = MY-PC | Source = WMPNetworkSvc | ID = 866290
Description =


< End of report >

[/log]

Guest
comment

Run OTL and execute the following script:

[php]:OTL
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
03 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O4 - HKLM..\Run: [services.exe] File not found[/php]


Uninstall Spybot - it is an outdated tool.
Uninstall Babylon Toolbar, DAEMON Tools Toolbar.

Next, clear the System Restore folders [url="http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1"]http://www.fixitpc.p...ania-czesc-1/#1[/url]; this will remove any leftovers from the infection.

Java™ 6 Update 20
Java™ 6 Update 26

Uninstall the old versions of Java and download the latest [b]Java7[/b].

Run Ad-Remover and click the Uninstall option; this will remove the program and its quarantine from the disk.
Finally, run OTL and click the Sprzątanie (Cleanup) option.

Mitgethar
comment

[list=1]
[*]Log after entering the script:

[log]========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services.exe deleted successfully.

OTL by OldTimer - Version 3.2.26.6 log created on 08312011_221917

[/log]

System Restore folders cleared.
Spybot uninstalled.
Java updated.
Cleaned up.
[/list]
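
A cross-check of the fix script against the fix log quoted above, added here as an example (it is not part of the thread and not OTL's own code): for each script line it builds the registry location that section maps to, spelled as in the log, and reports whether a result line exists for it. The `audit` function and its status names are assumptions of this example.

```python
import re

# Fix script and fix log, copied from the two posts above.
SCRIPT = r"""O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
03 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O4 - HKLM..\Run: [services.exe] File not found""".splitlines()

LOG = r"""Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services.exe deleted successfully.""".splitlines()

# Where each script section lands in the registry, spelled as the fix log spells it.
SECTION_PATH = {
    "BHO": r"Explorer\Browser Helper Objects\%s",
    "Toolbar": r"Internet Explorer\Toolbar\\%s",
    "Run": r"CurrentVersion\Run\\%s",
}
ENTRY = re.compile(r"^(\w+) - (?:.*\\)?(BHO|Toolbar|Run): (.*)$")
IDENT = re.compile(r"(\{[0-9A-Fa-f-]{36}\})|\[([^\]]+)\]")  # CLSID or [value name]

def audit(script, log):
    """Return (line, prefix_ok, outcome) per script line; outcome is
    'deleted', 'not found', 'missing' (no log line) or 'unparsed'."""
    log = [entry.lower() for entry in log]
    report = []
    for line in script:
        m = ENTRY.match(line)
        ident = IDENT.search(m.group(3)) if m else None
        if not ident:
            report.append((line, False, "unparsed"))
            continue
        # The script's other lines start with the letter O plus a number (O2, O3, O4).
        prefix_ok = re.fullmatch(r"O\d+", m.group(1)) is not None
        target = (SECTION_PATH[m.group(2)] % (ident.group(1) or ident.group(2))).lower()
        hits = [entry for entry in log if target in entry]
        if any("deleted successfully" in h for h in hits):
            outcome = "deleted"
        elif hits:
            outcome = "not found"
        else:
            outcome = "missing"
        report.append((line, prefix_ok, outcome))
    return report

if __name__ == "__main__":
    for line, prefix_ok, outcome in audit(SCRIPT, LOG):
        print(f"{outcome:9} prefix_ok={prefix_ok}  {line}")
```

On the thread's data, the third script line, whose prefix is `03` (digit zero) rather than `O3`, is the only one with no result line in the log.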
