Perfer, posted 28 September 2011 (edited)

Hi, I was sent here from the BSOD section, on the grounds that a virus is causing the BSOD. This is happening on an HP Pavilion dv133~ running Vista. Today, for example, I got a BSOD while plugging in a USB flash drive, and earlier one while the computer was just sitting idle. Here are the logs from WinDbg:

(while it was idle):

[log]Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\Mini092811-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18267.x86fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0x82607000 PsLoadedModuleList = 0x8271ec70
Debug session time: Wed Sep 28 09:44:20.135 2011 (UTC + 2:00)
System Uptime: 0 days 11:08:36.490
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41287, 4cc, 0, 0}

Probably caused by : volsnap.sys ( volsnap!VspCreateWriteHeap+fa )

Followup: MachineOwner
---------
[/log]

(while plugging in the flash drive):

[log] Microsoft ® Windows Debugger Version 6.12.0002.633 X86
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\Mini092811-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6002.18267.x86fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0x82602000 PsLoadedModuleList = 0x82719c70
Debug session time: Wed Sep 28 14:27:31.845 2011 (UTC + 2:00)
System Uptime: 0 days 0:17:45.975
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41287, 4cc, 0, 0}

Probably caused by : WUDFRd.sys ( WUDFRd!RdMapLockedPagesSpecifyCache+28 )

Followup: MachineOwner
---------
[/log]

Log from Malwarebytes:

[log] Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Wersja bazy: 7770

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

2011-09-28 14:46:52
mbam-log-2011-09-28 (14-46-52).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 274298
Upłynęło: 8 minut(y), 51 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń)
Zainfekowanych folderów: (Nie znaleziono zagrożeń)
Zainfekowanych plików: (Nie znaleziono zagrożeń)[/log]

I would be very grateful for help. Regards

Guest, comment, 28 September 2011

Generate logs with OTL and GMER: [url="http://www.fixitpc.pl/forum-38/announcement-3-wazne-zakladanie-tematu-obowiazkowe-logi/"]http://www.fixitpc.pl/forum-38/announcement-3-wazne-zakladanie-tematu-obowiazkowe-logi/[/url]

Perfer (thread author), comment, 28 September 2011 (edited)

Log from OTL:

[log]OTL logfile created on: 2011-09-28 17:22:48 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\KAROL\Desktop\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,30% Memory free
6,19 Gb Paging File | 5,16 Gb Available in Paging File | 83,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,08 Gb Total Space | 58,46 Gb Free Space | 20,15% Space Free | Partition Type: NTFS
Drive D: | 8,01 Gb Total Space | 1,20 Gb Free Space | 14,95% Space Free | Partition Type: NTFS
Drive E: | 613,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 7,46 Gb Total Space | 4,53 Gb Free Space | 60,74% Space Free | Partition Type: NTFS

Computer Name: KAROL-PC | User Name: KAROL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-22 21:22:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\KAROL\Desktop\OTL\OTL.exe PRC - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-08-03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011-08-03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-04-07 17:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2010-11-11 22:07:28 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe PRC - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2010-08-12 15:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2010-07-28 03:23:50 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe PRC - [2010-07-26 23:59:20 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe PRC - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010-03-02 18:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe PRC - [2010-03-02 18:03:18 | 000,247,152 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe PRC - [2009-12-02 17:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009-09-29 09:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe PRC - [2009-09-29 09:52:52 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008-12-31 16:19:56 | 000,102,400 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe PRC - [2008-06-27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe PRC - [2008-06-27 17:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe PRC - [2008-06-19 14:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008-06-19 14:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008-04-27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
-- C:\Windows\System32\vfsFPService.exe PRC - [2008-04-26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe PRC - [2007-12-17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007-12-13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE PRC - [2007-07-12 13:43:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe PRC - [2007-01-11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-03-27 13:11:42 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\24c6417baba7ca153d53c9977fc5c008\System.Data.SqlServerCe.ni.dll MOD - [2010-08-24 11:43:06 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\32e6bf88bb0dcdad040abc8ad97cab83\System.EnterpriseServices.ni.dll MOD - [2010-08-24 11:43:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9f38a2b0adadce82d09209811af4043e\System.Transactions.ni.dll MOD - [2010-08-24 11:43:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll MOD - [2010-08-24 11:37:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll MOD - [2010-08-24 11:37:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll MOD - [2010-08-24 11:36:50 | 001,587,200 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll MOD - [2010-08-24 11:36:11 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\cc009a955f4b35c344c2f9aaf453f329\System.Data.ni.dll MOD - [2010-08-24 11:35:10 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll MOD - [2010-08-24 11:34:36 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll MOD - [2010-07-28 03:24:30 | 000,117,904 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll MOD - [2010-03-02 18:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe MOD - [2009-09-04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009-03-31 20:05:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-03-30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009-03-30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008-06-25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2008-06-19 14:10:46 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2006-09-14 01:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-09-22 00:39:19 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- 
(Akamai) SRV - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-04-07 17:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010-08-12 15:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010-03-02 18:03:18 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe -- (UI Assistant Service) SRV - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009-09-29 09:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009-01-08 09:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro) SRV - [2008-12-31 16:19:56 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service) SRV - [2008-12-22 12:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008-06-27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe -- (AESTFilters) SRV - [2008-06-27 17:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe -- (STacSV) SRV - [2008-04-27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008-04-26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-12-17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007-01-11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-08-03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-05-10 11:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011-04-11 15:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3avs.sys -- (rig3avs) DRV - [2011-04-11 15:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3usb.sys -- (rig3usb_svc) DRV - [2011-04-11 15:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3usb.sys -- (rig3usb) DRV - [2010-07-29 14:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010-07-29 14:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2010-07-29 14:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-07-29 14:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2010-07-29 14:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2010-02-22 04:22:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010-01-18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010-01-18 12:21:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010-01-18 12:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-11-02 10:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2008-12-21 12:04:46 | 000,012,800 | ---- | M] (The One Technology) [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- 
(mdf15) DRV - [2008-11-17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008-08-07 15:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008-08-07 15:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008-07-08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-06-27 17:44:18 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008-05-02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-04-27 23:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008-01-24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007-11-08 22:51:54 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DFUUsb.sys -- (DfuUsb) DRV - [2007-10-24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007-03-19 15:40:34 | 000,060,288 | ---- | M] (The One Technology) [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd17.sys -- (mvd17) DRV - [2006-11-02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2001-04-13 20:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.google.com"]http://www.google.com[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.google.com"]http://www.google.com[/url] IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://tvn24-stream.onet.pl/nazywo.html"]http://tvn24-stream.....pl/nazywo.html[/url] IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.ing.pl/u235/navi/35" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-05-31 15:32:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-11-11 15:56:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-21 22:41:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-21 22:56:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-12-24 17:19:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009-11-11 15:56:56 | 000,000,000 | ---D | M] [2010-08-20 18:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAROL\AppData\Roaming\mozilla\Extensions [2011-09-21 23:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions [2011-08-31 17:08:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(326) [2010-09-13 11:38:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-23 16:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-08-23 16:04:27 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla 
Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-02-19 18:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\KAROL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z415X1DC.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E} [2011-08-17 17:20:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-02-19 18:41:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\KAROL\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=032111 serial=DR11CTD-9999999-KHM File not found O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) 
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKLM..\Run: [UIExec] C:\Program Files\Netia\Mobilny Internet\UIExec.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [Twoje TVN24] File not found O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html () O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - 
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26341FCD-81FE-4D84-8CA0-32FF1A916BAF}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\KAROL\Pictures\Ustroń\Pies ogrodnika.JPG O24 - Desktop BackupWallPaper: C:\Users\KAROL\Pictures\Ustroń\Pies ogrodnika.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-03-22 10:11:42 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ] O33 - MountPoints2\{079d6d45-a137-11de-b381-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{079d6d45-a137-11de-b381-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0a0d7c58-edc5-11df-abe4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0a0d7c58-edc5-11df-abe4-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0a0d7c96-edc5-11df-abe4-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{0a0d7c96-edc5-11df-abe4-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3f4cd2ae-6d39-11de-bbb4-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{3f4cd2ae-6d39-11de-bbb4-00235aa3678a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{3f4cd2e4-6d39-11de-bbb4-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{3f4cd2e4-6d39-11de-bbb4-00235aa3678a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{497e8cee-a1dd-11de-8e95-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{497e8cee-a1dd-11de-8e95-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4fa324c8-45f1-11de-8642-002186c9e731}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe O33 - MountPoints2\{4fa324c8-45f1-11de-8642-002186c9e731}\Shell\open\command - "" = 
F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe O33 - MountPoints2\{55b25d95-bb33-11de-b450-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{55b25d95-bb33-11de-b450-002186c9e731}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{78666a58-1f59-11df-8393-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{78666a58-1f59-11df-8393-002186c9e731}\Shell\AutoRun\command - "" = F:\hom&m3gepl.exe O33 - MountPoints2\{8a534210-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{8a534210-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a53422f-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{8a53422f-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a534244-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{8a534244-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8a534279-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{8a534279-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8f43ff0e-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{8f43ff0e-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f43ff39-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{8f43ff39-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f43ff3e-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{8f43ff3e-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f43ff41-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{8f43ff41-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8f43ff46-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun O33 - 
MountPoints2\{8f43ff46-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{92836121-d296-11de-bba3-002186c9e731}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs O33 - MountPoints2\{949d1381-b821-11e0-9426-002186c9e731}\Shell - "" = AutoRun O33 - MountPoints2\{949d1381-b821-11e0-9426-002186c9e731}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{949d13bd-b821-11e0-9426-001e101f8924}\Shell - "" = AutoRun O33 - MountPoints2\{949d13bd-b821-11e0-9426-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fe90c862-ed6c-11df-b23e-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{fe90c862-ed6c-11df-b23e-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ff9b51f7-edc1-11df-b455-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ff9b51f7-edc1-11df-b455-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ff9b5234-edc1-11df-b455-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{ff9b5234-edc1-11df-b455-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ff9b523e-edc1-11df-b455-00235aa3678a}\Shell - "" = AutoRun O33 - MountPoints2\{ff9b523e-edc1-11df-b455-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-09-28 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\OTL [2011-09-28 14:33:38 | 000,000,000 | ---D | C] -- C:\symbols [2011-09-24 21:06:30 | 000,000,000 | ---D | C] -- 
C:\Users\KAROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL [2011-09-24 21:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\VASSAL [2011-09-23 13:57:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} [2011-09-22 22:09:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} [2011-09-22 21:57:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325} [2011-09-22 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\Malwarebytes [2011-09-22 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-09-22 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-09-22 16:12:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-09-22 16:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-09-22 14:14:52 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2011-09-22 14:14:52 | 002,558,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2011-09-22 14:14:52 | 000,309,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll [2011-09-22 14:14:52 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2011-09-22 14:14:51 | 003,730,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2011-09-22 14:14:51 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2011-09-22 14:14:49 | 000,600,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll [2011-09-22 14:11:56 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011-09-22 14:11:56 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2011-09-22 14:11:56 | 000,057,960 | ---- | C] (Khronos Group) -- 
C:\Windows\System32\OpenCL.dll [2011-09-22 14:11:55 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011-09-22 14:11:55 | 010,304,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011-09-22 14:11:55 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011-09-22 14:11:55 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011-09-22 14:11:55 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011-09-22 14:11:55 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll [2011-09-22 14:11:55 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2011-09-22 13:51:13 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit [2011-09-22 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit [2011-09-22 13:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86) [2011-09-22 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86) [2011-09-22 13:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier [2011-09-22 13:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier [2011-09-22 13:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1 [2011-09-22 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\windbg [2011-09-22 13:27:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A07F7F49-03B9-4B8B-A266-07563B0278A6} [2011-09-22 01:03:46 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\memtest [2011-09-21 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{72f8c2ce-4d47-4424-a8c9-0fa117485c4b} [2011-09-21 
17:42:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\welt [2011-09-21 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{06df778f-f510-48fd-ac57-0ce755d06ae7} [2011-09-21 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{664d8a28-393c-4ae0-8096-bfa55d4f3dca} [2011-09-21 16:44:28 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{be498c9c-a804-4c58-8f3e-fb7bffd0eada} [2011-09-21 16:09:16 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{6b8dd61f-ed0e-4414-b95a-16d4a4a7011d} [2011-09-21 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{d25a5af4-715e-4d0d-a31a-5bee1578b5b5} [2009-02-19 21:44:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe [2009-02-19 21:44:02 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe [2009-02-19 21:44:02 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe [2009-02-19 21:44:01 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe [2009-02-19 21:44:01 | 002,231,606 | ---- | C] (Macromedia, Inc.) 
-- C:\ProgramData\Games.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-09-28 17:27:56 | 007,602,176 | ---- | M] () -- C:\Users\KAROL\ntuser.dat [2011-09-28 17:18:22 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-09-28 17:13:52 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-09-28 17:13:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-09-28 17:13:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-09-28 17:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-09-28 17:13:32 | 326,315,057 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-09-28 16:33:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011-09-28 16:31:21 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-09-27 22:24:54 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-09-27 22:24:51 | 000,524,288 | -HS- | M] () -- C:\Users\KAROL\ntuser.dat{3e5750cb-2dc6-11df-afea-002186c9e731}.TMContainer00000000000000000001.regtrans-ms [2011-09-27 22:24:51 | 000,065,536 | -HS- | M] () -- C:\Users\KAROL\ntuser.dat{3e5750cb-2dc6-11df-afea-002186c9e731}.TM.blf [2011-09-27 22:24:45 | 003,311,449 | -H-- | M] () -- C:\Users\KAROL\AppData\Local\IconCache.db [2011-09-27 20:00:53 | 000,857,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-09-27 20:00:53 | 000,607,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-09-27 20:00:53 | 000,137,286 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-09-27 20:00:53 | 000,108,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-09-27 20:00:53 | 000,013,218 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-09-24 
21:06:30 | 000,000,736 | ---- | M] () -- C:\Users\KAROL\Desktop\VASSAL.lnk [2011-09-23 17:30:13 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Pasek TVN24.lnk [2011-09-22 22:13:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk [2011-09-22 21:59:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_rig3usb_01009.Wdf [2011-09-22 16:12:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-21 22:55:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKAROL.job [2011-09-21 22:31:21 | 000,524,288 | -HS- | M] () -- C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TMContainer00000000000000000001.regtrans-ms [2011-09-21 22:31:21 | 000,065,536 | -HS- | M] () -- C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TM.blf [2011-09-21 21:54:21 | 000,524,288 | -HS- | M] () -- C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TMContainer00000000000000000002.regtrans-ms [2011-09-21 16:54:19 | 000,008,484 | ---- | M] () -- C:\Users\KAROL\AppData\Local\d3d9caps.dat [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-09-23 17:30:13 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Pasek TVN24.lnk [2011-09-22 22:13:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk [2011-09-22 21:59:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_rig3usb_01009.Wdf [2011-09-22 16:22:33 | 003,311,449 | -H-- | C] () -- C:\Users\KAROL\AppData\Local\IconCache.db [2011-09-22 16:12:27 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011-09-22 14:11:55 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011-09-21 17:36:48 | 000,524,288 | -HS- | C] () -- 
C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TMContainer00000000000000000002.regtrans-ms [2011-09-21 17:36:47 | 000,524,288 | -HS- | C] () -- C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TMContainer00000000000000000001.regtrans-ms [2011-09-21 17:36:47 | 000,065,536 | -HS- | C] () -- C:\Users\KAROL\ntuser.dat{7c53fdd3-e464-11e0-8d53-001a4dfe3d10}.TM.blf [2011-03-18 01:16:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6AF4210023.sys [2011-03-17 22:22:21 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010-11-26 01:39:47 | 000,000,391 | ---- | C] () -- C:\Windows\crownofglory.ini [2010-11-01 17:43:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010-08-20 18:57:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010-07-09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010-03-18 00:46:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010-03-18 00:46:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010-02-08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll [2009-11-22 21:52:05 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI [2009-10-17 17:38:37 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-10-16 12:21:48 | 000,108,312 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2009-09-17 21:29:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009-09-17 21:29:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-09-17 21:28:45 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-09-13 13:13:40 | 000,000,155 | ---- | C] () -- C:\Windows\mistrz.ini [2009-09-02 17:30:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\t5clientGateWriter.dll [2009-09-02 17:30:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\t5clientGateCalc.dll [2009-08-10 12:07:33 | 000,344,064 | ---- | 
C] () -- C:\Windows\System32\xerces-depdom_2_7.dll [2009-08-10 12:06:58 | 001,409,024 | ---- | C] () -- C:\Windows\System32\t5core-1.0.dll [2009-08-10 09:26:01 | 010,166,272 | ---- | C] () -- C:\Windows\System32\icudt36.DLL [2009-07-24 20:35:00 | 000,000,026 | ---- | C] () -- C:\Windows\CDE SX200EXPORT.ini [2009-07-20 21:17:58 | 000,122,880 | ---- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe [2009-07-20 21:10:48 | 000,307,200 | ---- | C] () -- C:\Windows\System32\InstallVCOM.exe [2009-04-24 00:52:21 | 000,723,981 | ---- | C] () -- C:\Users\KAROL\AppData\Local\unins000.exe [2009-04-24 00:52:21 | 000,005,236 | ---- | C] () -- C:\Users\KAROL\AppData\Local\unins000.dat [2009-04-19 16:36:45 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI [2009-04-15 11:02:05 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009-04-09 19:03:51 | 000,138,584 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009-04-09 19:03:39 | 000,189,672 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009-04-09 19:03:30 | 000,070,968 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009-03-25 22:17:22 | 000,000,026 | ---- | C] () -- C:\Windows\CDER220EDFNSCPHGT.ini [2009-03-25 21:43:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009-03-25 21:43:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009-03-25 21:43:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009-03-25 21:43:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009-03-25 21:43:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009-03-25 21:43:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009-03-25 21:43:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009-03-25 21:43:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009-03-25 21:43:18 | 000,004,943 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern6.dat [2009-03-25 21:43:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2009-03-25 21:43:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009-03-25 21:43:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009-03-25 21:43:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009-03-25 21:43:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009-03-25 21:43:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009-03-25 21:43:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009-03-25 21:43:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009-03-25 21:43:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009-03-25 21:43:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009-03-23 13:31:47 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2009-03-10 23:52:22 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2009-03-10 23:19:27 | 000,008,484 | ---- | C] () -- C:\Users\KAROL\AppData\Local\d3d9caps.dat [2009-03-07 11:50:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009-02-23 19:08:27 | 000,000,470 | ---- | C] () -- C:\Users\KAROL\AppData\Roaming\wklnhst.dat [2009-02-21 20:40:15 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-02-21 20:40:13 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-02-21 20:40:13 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-02-21 20:40:13 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-02-21 20:40:11 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-02-21 20:40:11 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009-02-20 00:02:22 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009-02-19 22:34:29 | 000,052,736 | ---- | C] () -- C:\Users\KAROL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-02-19 21:00:09 | 000,008,224 | ---- | C] () -- C:\Users\KAROL\AppData\Local\GDIPFONTCACHEV1.DAT [2008-11-03 19:45:03 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini [2008-11-03 19:05:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008-11-03 18:55:25 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008-08-25 16:31:45 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2008-08-25 16:31:45 | 000,137,286 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2008-08-25 16:31:45 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2008-08-25 16:31:45 | 000,013,218 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2008-05-04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll [2008-01-21 04:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008-01-21 04:24:21 | 000,007,532 | ---- | C] () -- C:\Windows\System32\NT47AEX.DLL [2008-01-16 07:41:26 | 000,019,968 | ---- | C] () -- C:\Windows\System32\ttmsoutlook1.dll [2008-01-16 07:41:24 | 000,022,528 | ---- | C] () -- C:\Windows\System32\ttmsoffice1.dll [2007-11-14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006-12-18 15:10:38 | 000,474,112 | ---- | C] () -- C:\Windows\System32\log4cplus_dll.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,381,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,857,234 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006-11-02 12:33:01 | 000,607,668 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,108,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 12:16:45 | 000,000,240 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006-11-02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006-11-02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006-11-02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006-11-02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006-11-02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006-11-02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- 
C:\Windows\System32\debug.exe [2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2009-03-29 01:04:11 | 000,000,000 | ---D | M] -- 
C:\Users\Gość\AppData\Roaming\Avanquest [2009-12-30 11:22:00 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\BitTorrent [2009-02-22 01:46:12 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\DigitalPersona [2009-09-10 23:54:32 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\EPSON [2011-02-25 17:24:59 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\ESET [2009-05-01 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Nowe Gadu-Gadu [2009-12-23 02:16:11 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Avanquest [2011-02-03 12:55:42 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Bentley [2009-10-09 00:17:39 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\BitTorrent [2010-11-11 20:46:23 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\blueconnect [2009-10-17 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DAEMON Tools Lite [2009-02-19 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DigitalPersona [2010-04-23 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DNA [2011-09-22 16:20:01 | 000,000,000 | -H-D | M] -- C:\Users\KAROL\AppData\Roaming\drivers [2009-04-24 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2009-08-07 11:11:22 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\EPSON [2010-12-24 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\ESET [2010-09-06 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Gadu-Gadu 10 [2011-07-22 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\GARMIN [2010-09-07 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\gtk-2.0 [2010-11-18 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\ipla [2009-09-19 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\LimeWire [2010-01-05 
20:54:01 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Moje pliki Bitwy o Śródziemie™ II [2010-11-13 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\My Games [2009-07-08 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Nokia [2009-04-12 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Nowe Gadu-Gadu [2010-11-27 17:47:36 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\OpenFM [2009-07-08 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\PC Suite [2010-03-02 02:02:34 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\POLENG [2010-03-18 00:45:38 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Samsung [2009-03-12 21:37:54 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Steinberg [2010-03-02 02:03:18 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\T6 [2009-02-23 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Template [2010-03-02 01:38:08 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\The Creative Assembly [2009-03-08 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Tibia [2011-03-18 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Ulead Systems [2009-03-15 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\VST3 Presets [2009-03-14 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Waves [2009-03-14 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Waves Preferences [2010-05-15 12:50:35 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Avanquest [2010-05-15 14:01:58 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Bentley [2010-05-15 13:35:15 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\DAEMON Tools Lite [2010-05-15 10:55:24 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\DigitalPersona [2010-12-31 20:58:25 | 000,000,000 | ---D | M] -- 
C:\Users\Paweł\AppData\Roaming\ESET [2011-09-27 22:24:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >[/log] Log OTL EXTRAS: [log]OTL Extras logfile created on: 2011-09-28 17:22:48 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\KAROL\Desktop\OTL Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,30% Memory free 6,19 Gb Paging File | 5,16 Gb Available in Paging File | 83,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 290,08 Gb Total Space | 58,46 Gb Free Space | 20,15% Space Free | Partition Type: NTFS Drive D: | 8,01 Gb Total Space | 1,20 Gb Free Space | 14,95% Space Free | Partition Type: NTFS Drive E: | 613,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 7,46 Gb Total Space | 4,53 Gb Free Space | 60,74% Space Free | Partition Type: NTFS Computer Name: KAROL-PC | User Name: KAROL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .scr [@ = MicroStation Resource] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [command] -- Reg Error: Key error. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Przeglądaj za pomocą programu h Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) 
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3384155157-3980012862-2537522586-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F2A23BB-10C6-4CDB-BC2C-DD5B4380FBA6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{10558D5B-8FE8-41FE-B80F-2787CECC2326}" = lport=139 | protocol=6 | dir=in | app=system | "{3201567D-72D4-4521-8349-A5718D28056E}" = rport=139 | protocol=6 | dir=out | app=system | "{43502B8F-C33E-434E-B771-30BCC5456BAA}" = lport=137 | protocol=17 | dir=in | app=system | "{4C24480E-37E3-48B6-BB83-2F267FA63BB9}" = lport=445 | protocol=6 | dir=in | app=system | "{5068FE7F-F65D-44A7-8E58-2846265CDDCD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{58F3A70D-3FBA-4E7A-97AA-7EE079690C1E}" = lport=138 | protocol=17 | dir=in | app=system | "{9230A8EA-662A-440C-A406-A0F832305254}" = rport=445 | protocol=6 | dir=out | app=system | "{9E8E5D25-05C5-4836-8723-071935F8A372}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BDE12523-D368-4245-ACC6-046DFBD7D08F}" = rport=138 | protocol=17 | dir=out | app=system | "{CADD605D-3586-4F6A-8F13-6E8A0FF11A63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E88A9D0A-05A1-466D-97DE-2303D9D98B1C}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{E9397464-37DD-4C27-8558-68F469117785}" = lport=2869 | protocol=6 | 
dir=in | app=system | "{EA9CBFA9-D996-4941-A897-A672853DA17C}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0004BB2E-8113-4099-8871-25726C4CE66E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00F1B183-C1E7-46CD-B89E-CAA7E26922E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{024D64C2-268B-4432-924C-67932171A991}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{080A68CF-4FF3-4FE7-9903-F3E75D33D9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{09792CC4-17A8-4F0F-B662-9CC78F63B200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1555006F-471F-492F-8382-6BEE899692ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1650225B-B2C2-4BC8-B258-5EC4466023DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1669F832-6E21-4C66-A43E-28578743418B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16DC2527-6C5F-484C-A025-7A9447874ED4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19053D5E-1A48-4135-8810-4241BF5896AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B490312-DCD5-4D2D-B6BF-64A9840E753B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1BD0D3A6-F0D8-409A-A60F-B2B9278ED68F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F339D6D-BE60-4E43-939E-F2050EFB80F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{21FB1D28-8B1B-4106-A230-EBADFBBF84E8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{23CB4C6D-D6C2-4D8B-B788-50C5184E350F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{244E4EF6-D6EA-4ACE-A53F-481AC907D053}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A88864D-3595-4636-9FA1-18211CDCD1E5}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{2DC8A5C8-B204-4F51-BBC3-636168FBEBC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2F00E279-30C7-447C-8AFA-B3873BA1CE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33BD4E75-924B-456F-9E77-07569292E26C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39B15C46-F34B-4325-902A-0F6BA54C6E2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AEF5142-08F7-4D04-A6F1-44AC9AD4A065}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C777A22-C097-43AC-9E4E-9386A2A2365E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3DE6D2EC-E994-4465-B30A-13E3A767C3D5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{3ECC1D67-3EC2-41B7-91D4-B6EFE88AD4F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40CF049C-F05F-45D1-AF65-8246E01B70FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{416D2052-B6E0-4D4C-9474-1F68F36FCB01}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bitwa o śródziemie ii\game.dat | "{43281175-D67F-464E-AFEC-4C84FFBA7FA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{444BA288-46AF-443C-BA26-D2BAAC7032AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{459849E3-3571-4E9F-B5BD-8A484B4EAC73}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47217946-8E7E-420E-976D-3B5AD639ECE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47349F4E-0817-4566-95C3-12B6F506B097}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47F31D22-DF0F-400C-BEF0-8314FC6A3CB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48C0183F-A436-44C8-BEE2-F7255B1D4BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A4939D8-F461-4967-B05B-F38C6B5DD491}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BC9F6FC-FA9B-4DB3-B891-1AD0AD6C51A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BE1A408-4106-414D-8835-03271C8142E5}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{4EC5B852-639A-42CB-8770-33E36E94A98F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55D089F6-42A9-47B3-9FAA-F375799B88CE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bitwa o śródziemie ii\game.dat | "{5713EDA6-B44E-4D11-B22D-0B803311CFC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{573417CD-AA1A-4989-A008-C9FE5467999D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B3C87B4-711C-421B-9D09-77EE323E3516}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{5C43A0E2-59F8-4247-966C-5B2C1D8650A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D59DE61-C3E9-4929-9C45-B42DEBA268DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5ED3FDB4-A439-4547-B27F-4C3B073C3C23}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5FBC68EC-36B3-4854-BAF4-37125568C567}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{634E1757-4AEC-41D2-B035-B5CAFB2DA69C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6522CA01-5F2D-4E0C-97A4-FC2462755AEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{667B01E7-4746-4E08-9147-47D9DD3BC7A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{68132967-1FF9-4B4E-A7E4-AC02DAAD0E59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69B3F3A4-5088-4D95-9632-DC35C07D4358}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{6E072742-4D4B-4003-81D6-6557809065EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7043EEA2-3D74-47C7-811F-7E1D2642B599}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{70BBEA19-F878-4A32-A35E-9E5C28D3CB52}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72DAC267-0F55-4D64-AD54-5770491121D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{731B2D94-A41A-4B81-B0AA-626D9649C4AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7456ED09-1D66-4700-9852-B93FF497AEA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74E9261B-BF3C-4966-83D4-A4C3146B1B88}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{756E018F-D0CE-46C6-B665-13CC501120CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77A0AD32-304E-469D-89F1-E01B6C60A979}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78C814F0-41DD-44CE-9380-3A44C9B144D2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{7B8E2363-9425-4162-AF70-D7F0AF879E44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E574172-27BF-40C3-A23E-497FB303D555}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EAB9380-3519-4273-91DA-6DAC427DE263}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{820EDC73-13AB-4054-AAFC-59DD88AEA071}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8446D91E-A088-43BA-AA7B-1DB68D2E3A27}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{859A0889-36B9-4BA0-A3C3-CDF82535B161}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8989A37E-88A0-4074-B966-F8610F6A4A75}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8AB9CDDF-995C-4779-9FE4-D1B7A37342C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90310C12-F0F5-45D8-9CA4-F560B532D8ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{927A709E-A7B9-4048-B965-85AB73A242B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92A99139-EFBF-4264-84BB-A5B25E68BFAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{953F8075-508F-4EFC-ACEA-5DB8C7F43CAC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{9655E8C6-4DB6-4F03-9EB5-AEF76E7ED015}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97F5EEEB-5BDB-4D32-B6AF-0040EF0EE880}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{992456E6-91E0-4D06-A26B-8024D7BB778C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{9A988901-5D98-4865-B869-209B84767EF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E05AFE7-BE8F-4C95-B06A-7B161F3A355C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A05AE27B-0FAD-4432-B56B-0CF140FF4434}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A131EBC8-F07C-4F33-861C-C9E6FC740A07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A56F20A9-B2A3-4715-B985-B237FA811B45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9B97A7F-E18A-4101-8DB7-D5FBCEDE4DF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE7E8B39-3510-4DE7-8082-F1089B69EDFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B092DF4E-41EF-48EA-BF10-D5A57E7E1FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B6D16B62-F52A-4216-9CD1-0A848970AA8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7248D36-8FDB-4434-96B1-A861088C0F70}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B92DA10C-ECB3-4023-99D7-17391FA1973F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{C1B3C154-9592-46AB-9E87-6B71438AF817}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C27C12B4-3584-4B34-A095-9AA485E63F1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C49367C2-3F0B-4450-AE05-0B097AA780C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C56CF1AE-EF43-48CE-8062-5647B588F873}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C5B40DED-E548-4E6E-90BF-68E34B0B1F2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6AB59D0-FDDD-4688-8A48-6626D58F949B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8B00D1B-B302-4D69-9E87-A8D30305B468}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8E028E0-AF44-4C52-AE70-73053DFD3822}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2A223E2-14C9-4ACA-B018-B2B8A71FBA3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2D9B6AD-EE65-479E-9D2B-CABB237F8AA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D3D64D29-E99B-4C36-AAA1-59A44121F4B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D42EC6E3-C0DC-47A1-B37F-1191F79934B9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D4F151F9-1081-4994-B1C7-3EEE6AFFAF2C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D594564B-D53F-40A8-AC84-000BA5EEA3FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D8C6C58C-920C-4D90-BC44-62F84D37802B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D94A7647-BD8C-4E76-96FE-2FB01AAE81BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC9155E9-90F8-4606-B0A9-A30E69B018EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1ABCE58-56D4-407B-AD57-7CFB94A99DFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4BD6B49-6E6B-4AD9-9ED2-9340A3E391DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5603646-11BD-47FE-A88B-5F4EE188F2C4}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{E63AF067-194D-45C1-A4DF-CB0D1B87813E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E69C7FDF-AE87-411B-AA22-C628921C4C4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E7C61BAB-F970-4D13-9107-C5DA3E6A374F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E81433A9-712F-4B8B-8389-A28568041E70}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9469CBB-F4EF-4977-8666-8C5BA89245EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA5E385A-05D9-49E0-9EA6-F319C642D6C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EADC4791-48F7-4BA5-BE96-65768DA01E8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED8A6D02-60AE-4B31-AF71-4DF6C4FFA6A5}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{F328FA08-D53B-4D99-9C37-2E780913C4D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F64D3AA9-9D79-4F19-8167-D96FC035B3E1}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{F6A1F6B4-E396-4B6F-BC87-A2F63CECC6BF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{F95CC508-264B-4710-9DB1-E73B81E4A6C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FB3B10B4-568C-47EA-9B32-0DDFC3108E33}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC0FA5EC-7B0A-4B6B-B7B0-D3C9FD93783D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FDC59FCF-9F87-4F3C-9222-DABF7101B88B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF22A23B-6D30-4AC1-B7FE-6A4B1960B9AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "_{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection "_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3 "_{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Project Creator "{00473C7D-1789-4873-9A75-96647FB01D27}" = Translatica 7 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{10A44844-4465-456E-8C97-80BDD4F68845}" = Asystent rejestrowania za pomocą identyfikatora Windows Live 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11 "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{223818EB-2BB5-4AAD-9F38-BA9668A4E3F3}" = Windows Live Messenger "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22 "{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie™ II "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6 
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7 "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{472ABCE2-5B2E-4D29-ABF4-94E1097558A6}" = Diplomacy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2 "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{62621555-6310-433D-983E-957D707DC535}" = ESET Smart Security "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" 
= Activation Assistant for the 2007 Microsoft Office suites "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514) "{6D3A83A6-8F72-4354-A80D-721D1E54FC76}" = Garmin City Navigator Europe NT 2012.20 Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514) "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE "{804EC265-0837-4694-8324-7D385A08319F}" = Hearts of Iron III "{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88CF7ACB-6A31-4EB0-9BA3-5C54D314620C}_is1" = Pasek TVN24 wersja 1.13 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system 
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core "{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English "{91120415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1) "{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{97AFC99F-3E90-4A9F-B4BA-CFDDB9785FDC}" = Jupiter 2008 Standard "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6EC5250-2E27-1B1C-2283-BBD468EEB1B9}" = e-Deklaracje "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A84C785A-0796-4BED-9BC3-EFB6C4F12602}" = Mirar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobilny Internet "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4 "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.44 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office 
Live Add-in 1.4 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements "{B1FD6402-6414-42B6-BD77-22F43087D783}" = Gary Grigsby's World At War "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103 "{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86) "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DD876490-252F-4EEF-B205-2E8F5A6E523B}" = ProtectSmart Hard Drive Protection "{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3 "{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent "{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL "{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW "{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM "{DF4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro "{DF4ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share "{DF612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{DF75FFEE-2FCE-4774-902A-749198C00A68}" = PureHD "{DF99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_PRJ "{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{DFBCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO "{DFC02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD "{DFC4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO "{DFD99A66-493F-468B-BCE1-6F88612B89D5}" = Contents "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio 
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F01B7EF4-F487-4948-AA18-5332FE5495C9}" = Medieval - Total War - Złota Edycja "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F37ACB45-F73B-47A2-BCE5-3019312D8A06}" = GPMapa 2009.3 "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "ALLConverter to 3GP_is1" = ALLConverter to 3GP "ALLPlayer_is1" = ALLPlayer V4.X "Alpha ASIO driver" = Lexicon Alpha ASIO (remove only) "AOL Toolbar" = Pasek narzędzi AOL 5.0 "BattlesInNormandyv101" = Battles In Normandy v1.01 "BB_is1" = RealDrums Set 14 "blueconnect" = blueconnect "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Counter-Strike 1.6" = Counter-Strike 1.6 "Crown Of Glory1.10" = Crown Of Glory "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "eMule" = eMule "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! 
"EPSON Scanner" = EPSON Scan "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "EPSON Stylus SX200_SX400_TX200_TX400 Przewodnik użytkownika" = EPSON Stylus SX200_SX400_TX200_TX400 Podręcznik "ForteDXi_is1" = ForteDXi 1.6 "Gadu-Gadu 10" = Gadu-Gadu 10 "GameSpy Arcade" = GameSpy Arcade "Gary Grigsby's World At War1.040" = Gary Grigsby's World At War "Google Chrome" = Google Chrome "Guitar Pro 4.0.7" = Guitar Pro 4.0.7 "IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "InstallShield_{97AFC99F-3E90-4A9F-B4BA-CFDDB9785FDC}" = Jupiter 2008 Standard "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F01B7EF4-F487-4948-AA18-5332FE5495C9}" = Medieval - Total War - Złota Edycja "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Instrukcja użytkownika ESPR220" = Instrukcja użytkownika ESPR220 "ipla" = ipla 2.2 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full) "LexiconStudio" = Lexicon Pantheon VST Plug-in (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mistrz Klawiatury 1.0_is1" = Mistrz Klawiatury 1.0 "Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl) "Narodziny Ameryki_is1" = Narodziny Ameryki "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 3" = Native 
Instruments Guitar Rig 3 "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Kontakt Player Sibelius" = Native Instruments Kontakt Player Sibelius "Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3 "Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver "Native Instruments Service Center" = Native Instruments Service Center "Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "OpenAL" = OpenAL "Pasek TVN24" = Pasek TVN24 1.11 "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1 "Próba Czasu" = Cywilizacja II: Próba Czasu "RealPlayer 6.0" = RealPlayer "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "Sibelius 3" = Sibelius 3 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Steam App 34030" = Napoleon: Total War "Steam App 63950" = IL-2 Sturmovik: Cliffs of Dover "Syncrosoft License Control" = Syncrosoft License Control "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VASSAL (3.1.16)" = VASSAL (3.1.16) "Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10 "Waves GTR 3" = 
Waves GTR 3 "Wielka Encyklopedia Roślin" = Wielka Encyklopedia Roślin "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.6 "WinKalk" = WinKalk "WinRAR archiver" = Archiwizator WinRAR "Xfire" = Xfire (remove only) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "DealAssistant" = DealAssistant "VASSAL" = VASSAL [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-09-22 03:24:49 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-23 02:54:07 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-23 12:46:25 | Computer Name = KAROL-PC | Source = Google Update | ID = 20 Description = Error - 2010-09-23 16:52:29 | Computer Name = KAROL-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd POWERPNT.EXE, wersja 11.0.8324.0, sygnatura czasowa 0x4bc93678, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000005, przesunięcie błędu 0x0003974e, identyfikator procesu 0x1358, godzina rozpoczęcia aplikacji 0x01cb5b57f4676410. 
Error - 2010-09-24 03:53:37 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-25 03:16:03 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 03:09:27 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 04:05:42 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 05:24:05 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 06:47:54 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = [ DigitalPersona Pro Events ] Error - 2009-04-14 08:01:44 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-14 08:01:49 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-14 08:02:03 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-25 16:15:26 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-25 16:15:31 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2001-01-01 21:27:43 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2010-01-18 07:17:06 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827589 Description = DPHost cannot start. Error: 0x8009000f [ Media Center Events ] Error - 2009-03-25 03:16:47 | Computer Name = KAROL-PC | Source = MCUpdate | ID = 0 Description = Oczekiwanie na obiekt mutex funkcji MCUpdate nie powiodło się i zgłoszono wyjątek: Oczekiwanie zakończone z powodu porzuconego elementu mutex.. 
Error - 2010-01-03 07:43:33 | Computer Name = KAROL-PC | Source = Media Center Guide | ID = 0 Description = Informacje o zdarzeniu: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Proces: DefaultDomain Nazwa obiektu: Media Center Guide Error - 2010-06-03 17:07:38 | Computer Name = KAROL-PC | Source = Media Center Guide | ID = 0 Description = Informacje o zdarzeniu: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109 Proces: DefaultDomain Nazwa obiektu: Media Center Guide [ System Events ] Error - 2011-09-28 08:11:46 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-28 08:28:56 | Computer Name = KAROL-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 14:27:12 na 2011-09-28 było nieoczekiwane. Error - 2011-09-28 08:29:35 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-28 08:31:42 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-09-28 10:30:23 | Computer Name = KAROL-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:00:47 na 2011-09-28 było nieoczekiwane. Error - 2011-09-28 10:31:22 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-09-28 10:31:53 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-28 11:13:40 | Computer Name = KAROL-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 17:00:13 na 2011-09-28 było nieoczekiwane. 
Error - 2011-09-28 11:14:57 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-09-28 11:15:08 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = [ Translatica Events ] Error - 2010-08-02 17:06:31 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-03 14:00:54 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-11 17:29:38 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-12 05:46:45 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 07:23:38 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 17:52:29 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 17:54:19 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-16 15:59:16 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-16 16:24:24 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. 
Error - 2010-08-17 18:28:00 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. < End of report >[/log]
When I scan with GMER, it crashes every time it gets to scanning the volumeshadowcopy3 file. :/ (only the program itself crashes, not Windows)
Guest commented on 28 September 2011
[quote]When I scan with GMER, it crashes every time it gets to scanning the volumeshadowcopy3 file. :/[/quote]
Run an [b]MBRCheck[/b] scan and post the log from it: [url="http://www.hotfix.pl/wykrywanie-rootkitow-w-sektorze-mbr-mbrcheck-exe-a340.htm"]http://www.hotfix.pl/wykrywanie-rootkitow-w-sektorze-mbr-mbrcheck-exe-a340.htm[/url]
Perfer (author) commented on 29 September 2011 (edited)
MBRCheck log: [log] MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Compal BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Pavilion dv7 Notebook PC Logical Drives Mask: 0x0000005c Kernel Drivers (total 215): 0x8261A000 \SystemRoot\system32\ntkrnlpa.exe 0x829D3000 \SystemRoot\system32\hal.dll 0x80404000 \SystemRoot\system32\kdcom.dll 0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047B000 \SystemRoot\system32\PSHED.dll 0x8048C000 \SystemRoot\system32\BOOTVID.dll 0x80494000 \SystemRoot\system32\CLFS.SYS 0x804D5000 \SystemRoot\system32\CI.dll 0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068A000 \SystemRoot\system32\drivers\acpi.sys 0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys 0x806E1000 \SystemRoot\system32\drivers\pci.sys 0x80708000 \SystemRoot\system32\drivers\isapnp.sys 0x80717000 \SystemRoot\system32\drivers\mpio.sys 0x80733000 \SystemRoot\System32\drivers\partmgr.sys 0x80742000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80745000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8074F000 \SystemRoot\system32\drivers\volmgr.sys 0x8075E000 \SystemRoot\System32\drivers\volmgrx.sys 0x807A8000 \SystemRoot\system32\drivers\intelide.sys 0x807AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807BD000 \SystemRoot\system32\drivers\pciide.sys 0x807C4000 \SystemRoot\system32\drivers\aliide.sys 0x807CB000 \SystemRoot\system32\drivers\amdide.sys 0x807D2000 \SystemRoot\system32\drivers\cmdide.sys 0x807DA000 \SystemRoot\System32\drivers\mountmgr.sys 0x805B5000 \SystemRoot\system32\drivers\msdsm.sys 0x805CF000 \SystemRoot\system32\drivers\nvraid.sys 0x8AC0E000 
\SystemRoot\system32\drivers\CLASSPNP.SYS 0x8AC2F000 \SystemRoot\system32\drivers\viaide.sys 0x8AC37000 \SystemRoot\system32\drivers\iastorv.sys 0x8ACD8000 \SystemRoot\system32\drivers\atapi.sys 0x8ACE0000 \SystemRoot\system32\drivers\ataport.SYS 0x8ACFE000 \SystemRoot\system32\drivers\lsi_scsi.sys 0x8AD18000 \SystemRoot\system32\drivers\storport.sys 0x8AD59000 \SystemRoot\system32\drivers\nvstor.sys 0x8AD66000 \SystemRoot\system32\drivers\msahci.sys 0x8AD70000 \SystemRoot\system32\drivers\hpcisss.sys 0x8AD7B000 \SystemRoot\system32\drivers\adp94xx.sys 0x8AE03000 \SystemRoot\system32\drivers\adpahci.sys 0x8AE4F000 \SystemRoot\system32\drivers\adpu160m.sys 0x8AE6A000 \SystemRoot\system32\drivers\SCSIPORT.SYS 0x8AE90000 \SystemRoot\system32\drivers\adpu320.sys 0x8AEB6000 \SystemRoot\system32\drivers\djsvs.sys 0x8AECA000 \SystemRoot\system32\drivers\arc.sys 0x8AEE0000 \SystemRoot\system32\drivers\arcsas.sys 0x8AEF6000 \SystemRoot\system32\drivers\elxstor.sys 0x8AF8A000 \SystemRoot\system32\drivers\i2omp.sys 0x8AF94000 \SystemRoot\system32\drivers\iirsp.sys 0x8AFA4000 \SystemRoot\system32\drivers\iteatapi.sys 0x8AFB0000 \SystemRoot\system32\drivers\iteraid.sys 0x8AFBC000 \SystemRoot\system32\drivers\lsi_fc.sys 0x8AFD6000 \SystemRoot\system32\drivers\lsi_sas.sys 0x8AFEE000 \SystemRoot\system32\drivers\megasas.sys 0x8B003000 \SystemRoot\system32\drivers\megasr.sys 0x8B0BA000 \SystemRoot\system32\drivers\mraid35x.sys 0x8B0C5000 \SystemRoot\system32\drivers\nfrd960.sys 0x8B20E000 \SystemRoot\system32\drivers\ql2300.sys 0x8B346000 \SystemRoot\system32\drivers\ql40xx.sys 0x8B39B000 \SystemRoot\system32\drivers\sisraid2.sys 0x8B3A8000 \SystemRoot\system32\drivers\sisraid4.sys 0x8B3BD000 \SystemRoot\system32\drivers\symc8xx.sys 0x8B3C9000 \SystemRoot\system32\drivers\sym_hi.sys 0x8B3D4000 \SystemRoot\system32\drivers\sym_u3.sys 0x8B0D3000 \SystemRoot\system32\drivers\uliahci.sys 0x8B3DF000 \SystemRoot\system32\drivers\ulsata.sys 0x8B10F000 
\SystemRoot\system32\drivers\ulsata2.sys 0x8B13B000 \SystemRoot\system32\drivers\vsmraid.sys 0x8B15C000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B18E000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B40D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B47E000 \SystemRoot\system32\drivers\ndis.sys 0x8B589000 \SystemRoot\system32\drivers\msrpc.sys 0x8B5B4000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B609000 \SystemRoot\System32\drivers\tcpip.sys 0x8B6F3000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B801000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B911000 \SystemRoot\system32\drivers\wd.sys 0x8B919000 \SystemRoot\system32\drivers\volsnap.sys 0x8B952000 \SystemRoot\System32\Drivers\spldr.sys 0x8B95A000 \SystemRoot\system32\drivers\sbp2port.sys 0x8B96F000 \SystemRoot\System32\Drivers\mup.sys 0x8B97E000 \SystemRoot\System32\drivers\ecache.sys 0x8B9A5000 \SystemRoot\system32\DRIVERS\hpdskflt.sys 0x8B9AE000 \SystemRoot\system32\drivers\disk.sys 0x8B9BF000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B9EA000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8B70E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8B9F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8FA02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x903E8000 \SystemRoot\System32\Drivers\nvBridge.kmd 0x8B71D000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x903EA000 \SystemRoot\System32\drivers\watchdog.sys 0x8B7BE000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8B19E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8B7C9000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x9040E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90600000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x90989000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x909AB000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x909BB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x909C9000 \SystemRoot\system32\DRIVERS\jmcr.sys 0x909E0000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x909F3000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys 0x9049B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 
0x904A6000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x909F8000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x904D6000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x904E1000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x909FA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x904F9000 \SystemRoot\system32\DRIVERS\Accelerometer.sys 0x90504000 \SystemRoot\system32\DRIVERS\enecir.sys 0x9051C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x90525000 \SystemRoot\system32\DRIVERS\Epfwndis.sys 0x90530000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x9055F000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x9056A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90581000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x9058C000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x905AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x905BE000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x905D2000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x905E7000 \SystemRoot\system32\DRIVERS\termdd.sys 0x905F7000 \SystemRoot\system32\DRIVERS\swenum.sys 0x90E0F000 \SystemRoot\system32\DRIVERS\ks.sys 0x90E39000 \SystemRoot\system32\DRIVERS\circlass.sys 0x90E47000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90E51000 \SystemRoot\system32\DRIVERS\umbus.sys 0x90E5E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x90E93000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x90EA4000 \SystemRoot\system32\DRIVERS\stwrt.sys 0x90F06000 \SystemRoot\system32\DRIVERS\portcls.sys 0x90F33000 \SystemRoot\system32\DRIVERS\drmk.sys 0x90F58000 \SystemRoot\system32\drivers\nvhda32v.sys 0x90F7D000 \SystemRoot\system32\DRIVERS\hidir.sys 0x90F88000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x90F98000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90F9F000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x90FA8000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x90FB0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90FB9000 \SystemRoot\System32\Drivers\Null.SYS 0x90FC0000 \SystemRoot\System32\Drivers\Beep.SYS 0x90FC7000 \SystemRoot\system32\DRIVERS\ehdrv.sys 0x90FE6000 
\SystemRoot\System32\drivers\vga.sys 0x8B7D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x90FF2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90E00000 \SystemRoot\system32\drivers\rdpencdd.sys 0x90400000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8B5EF000 \SystemRoot\System32\Drivers\Npfs.SYS 0x903F6000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8B1DC000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8ADE5000 \SystemRoot\system32\DRIVERS\smb.sys 0x91608000 \SystemRoot\system32\drivers\afd.sys 0x91650000 \SystemRoot\System32\DRIVERS\netbt.sys 0x91682000 \SystemRoot\system32\DRIVERS\pacer.sys 0x91698000 \SystemRoot\system32\DRIVERS\netbios.sys 0x916A6000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x916B9000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x916F5000 \SystemRoot\system32\drivers\nsiproxy.sys 0x916FF000 \??\C:\Program Files\Clarus\Samsung SecretZone\mvd17.sys 0x9170E000 \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys 0x91717000 \SystemRoot\System32\Drivers\dfsc.sys 0x9172E000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x9173B000 \SystemRoot\System32\Drivers\bthport.sys 0x917BB000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x917D2000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x92A06000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x92A2F000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x92A39000 \SystemRoot\system32\DRIVERS\bthpan.sys 0x92A53000 \SystemRoot\system32\DRIVERS\bthmodem.sys 0x92A62000 \SystemRoot\system32\drivers\modem.sys 0x92A6F000 \SystemRoot\system32\drivers\btwavdt.sys 0x92ADA000 \SystemRoot\system32\drivers\btwaudio.sys 0x92B5A000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0x92B5D000 \SystemRoot\system32\drivers\vfs101x.sys 0x92B6A000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x92B80000 \SystemRoot\System32\Drivers\usbvideo.sys 0x92BA1000 \SystemRoot\System32\Drivers\crashdmp.sys 0x92BAE000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x92BB9000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9B490000 \SystemRoot\System32\win32k.sys 0x92BC3000 
\SystemRoot\System32\drivers\Dxapi.sys 0x92BCD000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9B6B0000 \SystemRoot\System32\TSDDD.dll 0x9B6D0000 \SystemRoot\System32\cdd.dll 0x92BDC000 \SystemRoot\system32\drivers\luafv.sys 0x9F40D000 \SystemRoot\system32\DRIVERS\eamonm.sys 0x9F4B3000 \SystemRoot\system32\DRIVERS\epfw.sys 0x9F4D5000 \SystemRoot\system32\drivers\spsys.sys 0x9F585000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9F595000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9F5BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9F5C9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA2005000 \SystemRoot\system32\drivers\HTTP.sys 0xA2072000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA208F000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA20A8000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA20BD000 \SystemRoot\system32\drivers\mrxdav.sys 0xA20DE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA20FD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA2136000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA214E000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA2175000 \SystemRoot\System32\DRIVERS\srv.sys 0xA21DB000 \SystemRoot\system32\DRIVERS\epfwwfp.sys 0xA4A07000 \SystemRoot\system32\drivers\peauth.sys 0xA4AE5000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys 0xA4B0D000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA4B17000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA4B25000 \??\C:\Windows\system32\FsUsbExDisk.SYS 0xA4B2E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xA4B43000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA4B58000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x77BA0000 \Windows\System32\ntdll.dll Processes (total 99): 0 System Idle Process 4 SYSTEM 516 C:\Windows\System32\smss.exe 604 csrss.exe 656 C:\Windows\System32\wininit.exe 672 csrss.exe 704 C:\Windows\System32\services.exe 720 C:\Windows\System32\lsass.exe 728 C:\Windows\System32\lsm.exe 876 C:\Windows\System32\svchost.exe 920 C:\Windows\System32\nvvsvc.exe 952 C:\Windows\System32\svchost.exe 992 
C:\Windows\System32\winlogon.exe 1084 C:\Windows\System32\svchost.exe 1108 C:\Windows\System32\svchost.exe 1120 C:\Windows\System32\svchost.exe 1164 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe 1220 C:\Windows\System32\audiodg.exe 1344 C:\Windows\System32\svchost.exe 1376 C:\Windows\System32\SLsvc.exe 1432 C:\Windows\System32\svchost.exe 1528 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1540 C:\Windows\System32\nvvsvc.exe 1560 C:\Windows\System32\hpservice.exe 1696 C:\Windows\System32\vfsFPService.exe 1756 C:\Windows\System32\svchost.exe 1968 C:\Windows\System32\spoolsv.exe 1980 C:\Windows\System32\taskeng.exe 2000 C:\Program Files\DigitalPersona\Bin\DpHostW.exe 424 C:\Windows\System32\svchost.exe 524 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 2052 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe 2080 C:\Windows\System32\svchost.exe 2100 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2132 C:\Program Files\Bonjour\mDNSResponder.exe 2148 C:\Windows\System32\svchost.exe 2172 C:\Program Files\ESET\ESET Smart Security\ekrn.exe 2316 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE 2328 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 2348 C:\Windows\System32\FsUsbExService.Exe 2376 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2416 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE 2444 C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe 2480 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 2516 C:\Windows\System32\PnkBstrA.exe 2528 C:\Windows\System32\svchost.exe 2544 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 2564 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2588 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 2612 C:\Windows\SMINST\BLService.exe 2636 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2708 C:\Windows\System32\svchost.exe 2760 C:\Program 
Files\Netia\Mobilny Internet\AssistantServices.exe 2788 C:\Windows\System32\svchost.exe 2812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2832 C:\Windows\System32\SearchIndexer.exe 3200 WmiPrvSE.exe 3272 C:\Windows\servicing\TrustedInstaller.exe 3460 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3768 C:\Windows\System32\taskeng.exe 3780 C:\Windows\System32\dwm.exe 3860 C:\Windows\explorer.exe 4028 WUDFHost.exe 1772 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 532 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 388 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe 2700 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2900 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3028 C:\Program Files\DigitalPersona\Bin\DpAgent.exe 2704 C:\Program Files\Netia\Mobilny Internet\UIExec.exe 1392 C:\Program Files\blueconnect\DataCardMonitor.exe 3260 C:\Program Files\ESET\ESET Smart Security\egui.exe 2976 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3448 C:\Program Files\Common Files\Corel\Standby\Standby.exe 3452 C:\Program Files\iTunes\iTunesHelper.exe 936 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 832 C:\Windows\ehome\ehtray.exe 3064 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3712 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE 3788 C:\Program Files\Windows Media Player\wmpnscfg.exe 3760 C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe 3752 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe 3820 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2668 C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe 3840 C:\Windows\ehome\ehmsas.exe 3384 C:\Program Files\Windows Media Player\wmpnetwk.exe 3304 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 3396 WmiPrvSE.exe 4276 C:\Program Files\Hewlett-Packard\HP Wireless 
Assistant\WiFiMsg.exe 4440 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 4528 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4676 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 5120 C:\Program Files\iPod\bin\iPodService.exe 5160 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe 5456 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 460 C:\Windows\System32\conime.exe 2408 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 1260 C:\Users\KAROL\Desktop\MBRCheck.exe 5664 C:\Windows\System32\wbem\WMIADAP.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`85400000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done! [/log]
P.S. How is it that ESET 4 doesn't detect this? (I don't mean cleaning/deleting, just the detection itself.) Would it have had to be installed when this was already there, or does it simply not cope with it because it doesn't dig that deep into system files? Btw, thanks for helping me!
Guest, comment posted 29 September 2011
1. Uninstall Daemon Tools and remove the [b]SPTD[/b] driver - instructions: [url="http://www.fixitpc.pl/forum-38/announcement-2-wazne-oprogramowanie-emulujace-napedy/"]http://www.fixitpc.p...ulujace-napedy/[/url]
2. Run Kaspersky [b]TDSSKiller[/b] [url="http://support.kaspersky.com/pl/faq/?qid=208283359"]http://support.kaspe.../?qid=208283359[/url]. If Kaspersky finds anything, do not remove anything (set the options to SKIP); just post the log from the scan.
Perfer (Author), comment posted 29 September 2011
TDSSKiller scan:
[log] 18:46:09.0037 5488 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43 18:46:09.0234 5488 ============================================================ 18:46:09.0234 5488 Current date / time: 2011/09/29 18:46:09.0234 18:46:09.0234 5488 SystemInfo: 18:46:09.0234 5488 18:46:09.0234 5488 OS Version: 6.0.6002 ServicePack: 2.0 18:46:09.0234 5488 Product type: Workstation 18:46:09.0234 5488 ComputerName: KAROL-PC 18:46:09.0234 5488 UserName: KAROL 18:46:09.0234 5488 Windows directory: C:\Windows 18:46:09.0234 5488 System windows directory: C:\Windows 18:46:09.0234 5488 Processor architecture: Intel x86 18:46:09.0234 5488 Number of processors: 2 18:46:09.0234 5488 Page size: 0x1000 18:46:09.0235 5488 Boot type: Normal boot 18:46:09.0235 5488 ============================================================ 18:46:10.0383 5488 Initialize success 18:46:15.0198 4236 ============================================================ 18:46:15.0198 4236 Scan started 18:46:15.0198 4236 Mode: Manual; SigCheck; TDLFS; 18:46:15.0198 4236 ============================================================ 18:46:15.0827 4236 Accelerometer (aef9ee4451d5c46370142cb06d0f3591) C:\Windows\system32\DRIVERS\Accelerometer.sys 18:46:15.0906 4236 Accelerometer - ok 18:46:15.0951 4236 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 18:46:15.0971 4236 ACPI - ok 18:46:16.0049 4236 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 18:46:16.0143 4236 adp94xx - ok 18:46:16.0160 4236 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 18:46:16.0172 4236 adpahci - ok 18:46:16.0217 4236 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 18:46:16.0228 4236 adpu160m - ok 18:46:16.0246 4236 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 18:46:16.0258 4236 adpu320 - ok
18:46:16.0318 4236 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 18:46:16.0344 4236 AFD - ok 18:46:16.0367 4236 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 18:46:16.0376 4236 agp440 - ok 18:46:16.0401 4236 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 18:46:16.0413 4236 aic78xx - ok 18:46:16.0461 4236 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 18:46:16.0470 4236 aliide - ok 18:46:16.0492 4236 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 18:46:16.0502 4236 amdagp - ok 18:46:16.0515 4236 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 18:46:16.0524 4236 amdide - ok 18:46:16.0549 4236 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 18:46:16.0573 4236 AmdK7 - ok 18:46:16.0589 4236 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 18:46:16.0614 4236 AmdK8 - ok 18:46:16.0642 4236 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 18:46:16.0651 4236 arc - ok 18:46:16.0663 4236 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 18:46:16.0674 4236 arcsas - ok 18:46:16.0709 4236 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 18:46:16.0732 4236 AsyncMac - ok 18:46:16.0755 4236 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 18:46:16.0766 4236 atapi - ok 18:46:16.0809 4236 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys 18:46:16.0857 4236 BCM43XV - ok 18:46:16.0889 4236 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 18:46:16.0912 4236 Beep - ok 18:46:16.0942 4236 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 18:46:16.0971 4236 blbdrive - ok 18:46:17.0015 4236 bowser 
(74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 18:46:17.0041 4236 bowser - ok 18:46:17.0060 4236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 18:46:17.0078 4236 BrFiltLo - ok 18:46:17.0099 4236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 18:46:17.0118 4236 BrFiltUp - ok 18:46:17.0143 4236 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 18:46:17.0186 4236 Brserid - ok 18:46:17.0205 4236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 18:46:17.0248 4236 BrSerWdm - ok 18:46:17.0266 4236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 18:46:17.0308 4236 BrUsbMdm - ok 18:46:17.0331 4236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 18:46:17.0373 4236 BrUsbSer - ok 18:46:17.0415 4236 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 18:46:17.0433 4236 BthEnum - ok 18:46:17.0468 4236 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 18:46:17.0486 4236 BTHMODEM - ok 18:46:17.0520 4236 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 18:46:17.0545 4236 BthPan - ok 18:46:17.0579 4236 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 18:46:17.0604 4236 BTHPORT - ok 18:46:17.0641 4236 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 18:46:17.0660 4236 BTHUSB - ok 18:46:17.0688 4236 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys 18:46:17.0758 4236 btwaudio - ok 18:46:17.0779 4236 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys 18:46:17.0787 4236 btwavdt - ok 18:46:17.0802 4236 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys 18:46:17.0808 4236 btwrchid - ok 
18:46:17.0831 4236 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 18:46:17.0856 4236 cdfs - ok 18:46:17.0898 4236 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 18:46:17.0954 4236 cdrom - ok 18:46:17.0977 4236 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 18:46:18.0002 4236 circlass - ok 18:46:18.0045 4236 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 18:46:18.0062 4236 CLFS - ok 18:46:18.0113 4236 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 18:46:18.0137 4236 CmBatt - ok 18:46:18.0158 4236 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 18:46:18.0167 4236 cmdide - ok 18:46:18.0182 4236 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 18:46:18.0191 4236 Compbatt - ok 18:46:18.0207 4236 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 18:46:18.0216 4236 crcdisk - ok 18:46:18.0238 4236 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 18:46:18.0263 4236 Crusoe - ok 18:46:18.0331 4236 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 18:46:18.0349 4236 DfsC - ok 18:46:18.0380 4236 DfuUsb (0819d9af77d51b1c397d1097aa5bfddc) C:\Windows\system32\DRIVERS\DFUUsb.sys 18:46:18.0384 4236 DfuUsb ( UnsignedFile.Multi.Generic ) - warning 18:46:18.0384 4236 DfuUsb - detected UnsignedFile.Multi.Generic (1) 18:46:18.0428 4236 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 18:46:18.0457 4236 disk - ok 18:46:18.0482 4236 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 18:46:18.0501 4236 drmkaud - ok 18:46:18.0553 4236 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 18:46:18.0632 4236 DXGKrnl - ok 18:46:18.0673 4236 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) 
C:\Windows\system32\DRIVERS\E1G60I32.sys 18:46:18.0723 4236 E1G60 - ok 18:46:18.0834 4236 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\Windows\system32\DRIVERS\eamonm.sys 18:46:18.0842 4236 eamonm - ok 18:46:18.0891 4236 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 18:46:18.0902 4236 Ecache - ok 18:46:18.0964 4236 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys 18:46:18.0974 4236 ehdrv - ok 18:46:19.0058 4236 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 18:46:19.0078 4236 elxstor - ok 18:46:19.0130 4236 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys 18:46:19.0141 4236 enecir - ok 18:46:19.0209 4236 epfw (15bfe00f030ea20955117bb0677e9668) C:\Windows\system32\DRIVERS\epfw.sys 18:46:19.0219 4236 epfw - ok 18:46:19.0298 4236 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\Windows\system32\DRIVERS\Epfwndis.sys 18:46:19.0304 4236 Epfwndis - ok 18:46:19.0354 4236 epfwwfp (235250a79cf1e16a5a42407cfe3f6a4c) C:\Windows\system32\DRIVERS\epfwwfp.sys 18:46:19.0361 4236 epfwwfp - ok 18:46:19.0411 4236 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 18:46:19.0435 4236 ErrDev - ok 18:46:19.0487 4236 ewusbnet - ok 18:46:19.0536 4236 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 18:46:19.0552 4236 exfat - ok 18:46:19.0593 4236 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 18:46:19.0619 4236 fastfat - ok 18:46:19.0638 4236 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 18:46:19.0661 4236 fdc - ok 18:46:19.0689 4236 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 18:46:19.0697 4236 FileInfo - ok 18:46:19.0718 4236 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 18:46:19.0743 4236 Filetrace - ok 18:46:19.0758 4236 flpydisk 
(85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 18:46:19.0781 4236 flpydisk - ok 18:46:19.0829 4236 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 18:46:19.0841 4236 FltMgr - ok 18:46:19.0944 4236 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 18:46:19.0950 4236 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 18:46:19.0950 4236 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 18:46:19.0991 4236 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 18:46:20.0009 4236 Fs_Rec - ok 18:46:20.0030 4236 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 18:46:20.0040 4236 gagp30kx - ok 18:46:20.0077 4236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:46:20.0084 4236 GEARAspiWDM - ok 18:46:20.0166 4236 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 18:46:20.0179 4236 HdAudAddService - ok 18:46:20.0241 4236 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:46:20.0283 4236 HDAudBus - ok 18:46:20.0323 4236 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 18:46:20.0366 4236 HidBth - ok 18:46:20.0396 4236 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 18:46:20.0414 4236 HidIr - ok 18:46:20.0468 4236 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 18:46:20.0486 4236 HidUsb - ok 18:46:20.0508 4236 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 18:46:20.0516 4236 HpCISSs - ok 18:46:20.0565 4236 hpdskflt (64637b65c90df48c94bb9346afb3ac61) C:\Windows\system32\DRIVERS\hpdskflt.sys 18:46:20.0571 4236 hpdskflt - ok 18:46:20.0602 4236 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 18:46:20.0612 4236 HpqKbFiltr - ok 
18:46:20.0646 4236 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 18:46:20.0672 4236 HSFHWAZL - ok 18:46:20.0712 4236 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 18:46:20.0768 4236 HSF_DPV - ok 18:46:20.0831 4236 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys 18:46:20.0844 4236 HTCAND32 - ok 18:46:20.0882 4236 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys 18:46:20.0893 4236 htcnprot - ok 18:46:20.0937 4236 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 18:46:20.0956 4236 HTTP - ok 18:46:20.0967 4236 huawei_enumerator - ok 18:46:20.0987 4236 hwdatacard - ok 18:46:21.0035 4236 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 18:46:21.0044 4236 i2omp - ok 18:46:21.0093 4236 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 18:46:21.0113 4236 i8042prt - ok 18:46:21.0133 4236 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 18:46:21.0145 4236 iaStorV - ok 18:46:21.0169 4236 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 18:46:21.0177 4236 iirsp - ok 18:46:21.0205 4236 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 18:46:21.0213 4236 intelide - ok 18:46:21.0234 4236 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 18:46:21.0260 4236 intelppm - ok 18:46:21.0278 4236 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:46:21.0322 4236 IpFilterDriver - ok 18:46:21.0335 4236 IpInIp - ok 18:46:21.0363 4236 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 18:46:21.0387 4236 IPMIDRV - ok 18:46:21.0403 4236 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 18:46:21.0430 4236 IPNAT - ok 
18:46:21.0471 4236 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 18:46:21.0496 4236 IRENUM - ok 18:46:21.0515 4236 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 18:46:21.0524 4236 isapnp - ok 18:46:21.0579 4236 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 18:46:21.0594 4236 iScsiPrt - ok 18:46:21.0619 4236 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 18:46:21.0627 4236 iteatapi - ok 18:46:21.0653 4236 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 18:46:21.0662 4236 iteraid - ok 18:46:21.0685 4236 JMCR (da971cfc625d13636e04c405948e9d62) C:\Windows\system32\DRIVERS\jmcr.sys 18:46:21.0702 4236 JMCR - ok 18:46:21.0716 4236 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 18:46:21.0726 4236 kbdclass - ok 18:46:21.0774 4236 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 18:46:21.0793 4236 kbdhid - ok 18:46:21.0844 4236 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 18:46:21.0868 4236 KSecDD - ok 18:46:21.0944 4236 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 18:46:21.0968 4236 lltdio - ok 18:46:21.0990 4236 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 18:46:22.0000 4236 LSI_FC - ok 18:46:22.0027 4236 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 18:46:22.0038 4236 LSI_SAS - ok 18:46:22.0051 4236 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 18:46:22.0062 4236 LSI_SCSI - ok 18:46:22.0075 4236 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 18:46:22.0102 4236 luafv - ok 18:46:22.0135 4236 MailScan - ok 18:46:22.0175 4236 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys 
18:46:22.0186 4236 massfilter - ok 18:46:22.0236 4236 mdf15 (2c9959e7fbbc4b17470912ddd50426f2) C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys 18:46:22.0241 4236 mdf15 ( UnsignedFile.Multi.Generic ) - warning 18:46:22.0241 4236 mdf15 - detected UnsignedFile.Multi.Generic (1) 18:46:22.0278 4236 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 18:46:22.0288 4236 megasas - ok 18:46:22.0326 4236 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 18:46:22.0342 4236 MegaSR - ok 18:46:22.0386 4236 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 18:46:22.0411 4236 Modem - ok 18:46:22.0457 4236 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 18:46:22.0482 4236 monitor - ok 18:46:22.0521 4236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 18:46:22.0531 4236 mouclass - ok 18:46:22.0554 4236 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 18:46:22.0578 4236 mouhid - ok 18:46:22.0602 4236 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 18:46:22.0611 4236 MountMgr - ok 18:46:22.0624 4236 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 18:46:22.0639 4236 mpio - ok 18:46:22.0664 4236 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 18:46:22.0683 4236 mpsdrv - ok 18:46:22.0712 4236 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 18:46:22.0721 4236 Mraid35x - ok 18:46:22.0750 4236 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 18:46:22.0763 4236 MRxDAV - ok 18:46:22.0799 4236 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:46:22.0813 4236 mrxsmb - ok 18:46:22.0837 4236 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:46:22.0853 4236 mrxsmb10 
- ok 18:46:22.0866 4236 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:46:22.0880 4236 mrxsmb20 - ok 18:46:22.0945 4236 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 18:46:22.0955 4236 msahci - ok 18:46:22.0986 4236 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 18:46:22.0995 4236 msdsm - ok 18:46:23.0017 4236 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 18:46:23.0042 4236 Msfs - ok 18:46:23.0059 4236 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 18:46:23.0067 4236 msisadrv - ok 18:46:23.0088 4236 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 18:46:23.0111 4236 MSKSSRV - ok 18:46:23.0125 4236 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 18:46:23.0149 4236 MSPCLOCK - ok 18:46:23.0172 4236 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 18:46:23.0195 4236 MSPQM - ok 18:46:23.0245 4236 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 18:46:23.0260 4236 MsRPC - ok 18:46:23.0284 4236 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 18:46:23.0293 4236 mssmbios - ok 18:46:23.0308 4236 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 18:46:23.0333 4236 MSTEE - ok 18:46:23.0351 4236 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 18:46:23.0361 4236 Mup - ok 18:46:23.0408 4236 mvd17 (5e7782f9f87c740f97eaab131ea54562) C:\Program Files\Clarus\Samsung SecretZone\mvd17.sys 18:46:23.0413 4236 mvd17 ( UnsignedFile.Multi.Generic ) - warning 18:46:23.0413 4236 mvd17 - detected UnsignedFile.Multi.Generic (1) 18:46:23.0465 4236 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 18:46:23.0478 4236 NativeWifiP - ok 18:46:23.0529 4236 NDIS 
(1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 18:46:23.0567 4236 NDIS - ok 18:46:23.0631 4236 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 18:46:23.0650 4236 NdisTapi - ok 18:46:23.0672 4236 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 18:46:23.0695 4236 Ndisuio - ok 18:46:23.0737 4236 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:46:23.0758 4236 NdisWan - ok 18:46:23.0779 4236 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 18:46:23.0799 4236 NDProxy - ok 18:46:23.0837 4236 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 18:46:23.0861 4236 NetBIOS - ok 18:46:23.0902 4236 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 18:46:23.0925 4236 netbt - ok 18:46:24.0062 4236 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 18:46:24.0254 4236 NETw5v32 - ok 18:46:24.0268 4236 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 18:46:24.0278 4236 nfrd960 - ok 18:46:24.0346 4236 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 18:46:24.0366 4236 Npfs - ok 18:46:24.0407 4236 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 18:46:24.0430 4236 nsiproxy - ok 18:46:24.0504 4236 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 18:46:24.0564 4236 Ntfs - ok 18:46:24.0594 4236 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 18:46:24.0636 4236 ntrigdigi - ok 18:46:24.0659 4236 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 18:46:24.0683 4236 Null - ok 18:46:24.0713 4236 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys 18:46:24.0763 4236 NVENETFD - ok 18:46:24.0810 4236 NVHDA 
(0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys 18:46:24.0820 4236 NVHDA - ok 18:46:25.0090 4236 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:46:25.0610 4236 nvlddmkm - ok 18:46:25.0660 4236 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 18:46:25.0670 4236 nvraid - ok 18:46:25.0683 4236 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 18:46:25.0692 4236 nvstor - ok 18:46:25.0745 4236 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 18:46:25.0754 4236 nv_agp - ok 18:46:25.0767 4236 NwlnkFlt - ok 18:46:25.0781 4236 NwlnkFwd - ok 18:46:25.0829 4236 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 18:46:25.0847 4236 ohci1394 - ok 18:46:25.0913 4236 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 18:46:25.0957 4236 Parport - ok 18:46:26.0003 4236 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 18:46:26.0033 4236 partmgr - ok 18:46:26.0056 4236 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 18:46:26.0098 4236 Parvdm - ok 18:46:26.0141 4236 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 18:46:26.0153 4236 pci - ok 18:46:26.0176 4236 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 18:46:26.0185 4236 pciide - ok 18:46:26.0209 4236 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 18:46:26.0219 4236 pcmcia - ok 18:46:26.0262 4236 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 18:46:26.0351 4236 PEAUTH - ok 18:46:26.0426 4236 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 18:46:26.0450 4236 PptpMiniport - ok 18:46:26.0470 4236 Processor (2027293619dd0f047c584cf2e7df4ffd) 
C:\Windows\system32\drivers\processr.sys 18:46:26.0494 4236 Processor - ok 18:46:26.0547 4236 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 18:46:26.0566 4236 PSched - ok 18:46:26.0642 4236 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 18:46:26.0700 4236 ql2300 - ok 18:46:26.0723 4236 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 18:46:26.0732 4236 ql40xx - ok 18:46:26.0766 4236 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 18:46:26.0778 4236 QWAVEdrv - ok 18:46:26.0797 4236 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 18:46:26.0820 4236 RasAcd - ok 18:46:26.0846 4236 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:46:26.0869 4236 Rasl2tp - ok 18:46:26.0926 4236 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 18:46:26.0944 4236 RasPppoe - ok 18:46:26.0998 4236 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 18:46:27.0021 4236 RasSstp - ok 18:46:27.0071 4236 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 18:46:27.0092 4236 rdbss - ok 18:46:27.0106 4236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:46:27.0130 4236 RDPCDD - ok 18:46:27.0179 4236 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 18:46:27.0205 4236 rdpdr - ok 18:46:27.0218 4236 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 18:46:27.0242 4236 RDPENCDD - ok 18:46:27.0269 4236 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 18:46:27.0288 4236 RDPWD - ok 18:46:27.0346 4236 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 18:46:27.0365 4236 RFCOMM - ok 18:46:27.0422 4236 rig3avs (afebc6dd529c46f83906b5f45a403b19) 
C:\Windows\system32\Drivers\rig3avs.sys 18:46:27.0436 4236 rig3avs - ok 18:46:27.0494 4236 rig3usb (d21e56840b37719e16ca1e8d7851ce2a) C:\Windows\system32\Drivers\rig3usb.sys 18:46:27.0502 4236 rig3usb - ok 18:46:27.0520 4236 rig3usb_svc (d21e56840b37719e16ca1e8d7851ce2a) C:\Windows\system32\Drivers\rig3usb.sys 18:46:27.0527 4236 rig3usb_svc - ok 18:46:27.0564 4236 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 18:46:27.0587 4236 rspndr - ok 18:46:27.0609 4236 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys 18:46:27.0630 4236 RTL8169 - ok 18:46:27.0684 4236 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys 18:46:27.0692 4236 RVIEG01 ( UnsignedFile.Multi.Generic ) - warning 18:46:27.0692 4236 RVIEG01 - detected UnsignedFile.Multi.Generic (1) 18:46:27.0721 4236 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 18:46:27.0730 4236 sbp2port - ok 18:46:27.0741 4236 SBRE - ok 18:46:27.0781 4236 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 18:46:27.0805 4236 sdbus - ok 18:46:27.0828 4236 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:46:27.0870 4236 secdrv - ok 18:46:27.0896 4236 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 18:46:27.0937 4236 Serenum - ok 18:46:27.0957 4236 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 18:46:28.0002 4236 Serial - ok 18:46:28.0031 4236 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 18:46:28.0054 4236 sermouse - ok 18:46:28.0082 4236 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 18:46:28.0100 4236 sffdisk - ok 18:46:28.0125 4236 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 18:46:28.0149 4236 sffp_mmc - ok 18:46:28.0165 4236 sffp_sd 
(3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 18:46:28.0188 4236 sffp_sd - ok 18:46:28.0203 4236 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 18:46:28.0245 4236 sfloppy - ok 18:46:28.0279 4236 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 18:46:28.0289 4236 sisagp - ok 18:46:28.0330 4236 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 18:46:28.0339 4236 SiSRaid2 - ok 18:46:28.0368 4236 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 18:46:28.0377 4236 SiSRaid4 - ok 18:46:28.0431 4236 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 18:46:28.0450 4236 Smb - ok 18:46:28.0483 4236 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 18:46:28.0491 4236 spldr - ok 18:46:28.0554 4236 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys 18:46:28.0593 4236 sptd - ok 18:46:28.0646 4236 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys 18:46:28.0661 4236 srv - ok 18:46:28.0709 4236 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys 18:46:28.0723 4236 srv2 - ok 18:46:28.0766 4236 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys 18:46:28.0779 4236 srvnet - ok 18:46:28.0844 4236 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys 18:46:28.0851 4236 ss_bbus - ok 18:46:28.0902 4236 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 18:46:28.0909 4236 ss_bmdfl - ok 18:46:28.0970 4236 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys 18:46:28.0978 4236 ss_bmdm - ok 18:46:29.0046 4236 STHDA (21cc262ab5f42f7a6b91dc7304c2f267) C:\Windows\system32\DRIVERS\stwrt.sys 18:46:29.0062 4236 STHDA - ok 18:46:29.0117 4236 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) 
\Device\Harddisk0\DR0\Partition1 - ok
18:46:32.0365 4236 ============================================================
18:46:32.0365 4236 Scan finished
18:46:32.0365 4236 ============================================================
18:46:32.0377 5868 Detected object count: 5
18:46:32.0377 5868 Actual detected object count: 5
18:46:35.0211 5868 DfuUsb ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:35.0211 5868 DfuUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:35.0213 5868 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:35.0213 5868 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:35.0214 5868 mdf15 ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:35.0214 5868 mdf15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:35.0216 5868 mvd17 ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:35.0216 5868 mvd17 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:35.0218 5868 RVIEG01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:35.0218 5868 RVIEG01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
[/log]
It only found threats once I ticked the additional options.
Guest commented 29 September 2011
Overwrite the MBR by running MBRCheck. Step-by-step instructions are here: [url="http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/"]http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/[/url]
Perfer (Author) commented 29 September 2011
Log after performing the overwrite:
[log]MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000005c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`85400000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12
Size     Device Name          MBR Status
--------------------------------------------
298 GB   \\.\PhysicalDrive0   Unknown MBR code
         SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done![/log]
It still says unknown MBR code detected. I guess it didn't work. :/
Guest commented 29 September 2011
Download ComboFix: [url="http://www.fixitpc.pl/topic/7-dezynfekcja-narzedzie-combofix/"]http://www.fixitpc.pl/topic/7-dezynfekcja-narzedzie-combofix/[/url]
Boot into Windows Safe Mode and try to run ComboFix. If it works, post the report.
wirusolog commented 30 September 2011
The MBRCheck detection is a minor thing, and it is not a rootkit!
[quote] System Product Name: HP Pavilion dv7 Notebook PC [/quote]
The author has a laptop with a Recovery partition from which MBRCheck cannot read information. That is why MBRCheck reports it as "Unknown MBR code".
Perfer (Author) commented 30 September 2011
ComboFix log:
[log]ComboFix 11-09-30.03 - KAROL 2011-09-30 16:14:26.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3068.2560 [GMT 2:00]
Uruchomiony z: c:\users\KAROL\Desktop\memtest\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\users\KAROL\AppData\Local\unins000.exe
c:\users\Public\nowegg.exe
c:\windows\DPINST.LOG
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 14:33 . 2011-05-19 09:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:50 . 2008-05-14 02:09 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2008-05-14 02:09 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-07-25 10:17 . 2011-03-17 20:22 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-17 15:20 . 2011-05-01 09:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"UIExec"="c:\program files\Netia\Mobilny Internet\UIExec.exe" [2010-03-02 138072]
"DataCardMonitor"="c:\program files\blueconnect\DataCardMonitor.exe" [2010-11-11 253952]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-07-26 105632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-3-27 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3384155157-3980012862-2537522586-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9e1f418dd0ea0;Usługa Google Update (gupdate1c9e1f418dd0ea0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 133104] R3 DfuUsb;DfuUsb;c:\windows\system32\DRIVERS\DFUUsb.sys [2007-11-08 10880] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 133104] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 MailScan;MailScan;c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-18 9216] R3 rig3avs;Rig Kontrol 3 WDM Audio;c:\windows\system32\Drivers\rig3avs.sys [2011-04-11 346192] R3 rig3usb;rig3usb;c:\windows\system32\Drivers\rig3usb.sys [2011-04-11 95312] R3 rig3usb_svc;Rig Kontrol 3;c:\windows\system32\Drivers\rig3usb.sys [2011-04-11 95312] R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288] R3 TFilter;TFilter;c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [x] R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-22 691696] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2008-12-21 12800] S1 mvd17;mvd17;c:\program files\Clarus\Samsung SecretZone\mvd17.sys [2007-03-19 60288] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-11-05 238952] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880] S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2008-12-31 102400] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808] S2 UI Assistant Service;UI Assistant Service;c:\program files\Netia\Mobilny Internet\AssistantServices.exe [2010-03-02 247152] S2 vfsFPService;Validity Fingerprint 
Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-11-02 36608] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-10 139368] S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' . 2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 13:31] . 2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 13:31] . 2011-09-21 c:\windows\Tasks\HPCeeScheduleForKAROL.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-25 13:14] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://tvn24-stream.onet.pl/nazywo.html mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\KAROL\AppData\Roaming\Mozilla\Firefox\Profiles\z415x1dc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ing.pl/u235/navi/35 FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.type - 0 . . ------- Skojarzenia plików ------- . .scr=MicroStation Resource . - - - - USUNIĘTO PUSTE WPISY - - - - . 
WebBrowser-{A84C785A-0796-4BED-9BC3-EFB6C4F12602} - (no file) HKCU-Run-Twoje TVN24 - (no file) HKLM-Run-NPSStartup - (no file) HKLM-Run-Corel Graphics Suite 1117 - c:\program files\Corel\Corel Graphics 11\Register\registration.exe HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe AddRemove-BattlesInNormandyv101 - c:\windows\iun6002.exe AddRemove-Native Instruments Rig Kontrol 3 Driver - c:\programdata\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}\Rig Kontrol 3 Driver Setup.exe AddRemove-Próba Czasu - c:\windows\IsUn0415.exe AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742} AddRemove-_{9C9078D1-FA30-4E1B-A194-983A4898F848} - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Languages\PL\Moduły dodatkowe\KPT\Uninst.exe AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\KAROL\AppData\Local\unins000.exe AddRemove-DealAssistant - c:\users\KAROL\AppData\Roaming\DealAssistant\DAUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-30 16:49 Windows 6.0.6002 Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DataCardMonitor = c:\program files\blueconnect\DataCardMonitor.exe??????????????????????????y???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,69,01,f9,42,b0,2a,43,92,08,b5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,69,01,f9,42,b0,2a,43,92,08,b5,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'Explorer.exe'(5272) c:\program files\DigitalPersona\Bin\DpoFeedb.dll c:\windows\system32\btmmhook.dll c:\program files\DigitalPersona\Bin\DpoSet.dll c:\windows\system32\btncopy.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\DigitalPersona\Bin\DpHostW.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\windows\ehome\ehmsas.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Czas ukończenia: 2011-09-30 16:56:14 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-09-30 14:55 . Przed: 60 305 010 688 bajtów wolnych Po: 64 583 925 760 bajtów wolnych . - - End Of File - - 6DD25CE3553D9E1D07E3383C48954423 [/log]
Gość commented 1 October 2011 (edited)

[b]1.[/b] Uninstall Combofix. There is no rootkit here. Go to [b]Start > Run[/b] and paste the command below:

[b]"c:\users\KAROL\Desktop\memtest\ComboFix.exe" /uninstall[/b]

[b]2.[/b] The problem here is the USB drivers. Go to Start > Run > services.msc and check the list for this service:

[php]SRV - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)[/php]

If it is there, right-click the service > Properties, click [b]Stop[/b], and set the startup type to [b]Disabled[/b].

[b]3.[/b] Uninstall Digital Persona (the fingerprint reader). If you don't use it, there is no point in having it running on the system.

Do you use the touchpad?

[b]4.[/b] After completing steps 1-3, run an [b]OTL[/b] scan and post the log.
Perfer (Author) commented 2 October 2011

1. Combofix uninstalled.
2. I did not find that service on the list.
3. The reader is used by my dad (it's his laptop), so I can't uninstall it. He uses the touchpad very rarely or not at all.

OTL log:

[log]OTL logfile created on: 2011-10-02 11:49:44 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\KAROL\Desktop\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,71% Memory free
6,19 Gb Paging File | 4,83 Gb Available in Paging File | 77,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,08 Gb Total Space | 62,76 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive D: | 8,01 Gb Total Space | 1,09 Gb Free Space | 13,62% Space Free | Partition Type: NTFS
Drive E: | 613,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: KAROL-PC | User Name: KAROL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-09-22 21:22:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\KAROL\Desktop\OTL\OTL.exe PRC - [2011-08-22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011-08-12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-08-03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011-08-03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-04-07 17:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2010-07-28 03:23:50 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe PRC - [2010-07-26 23:59:20 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe PRC - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010-03-02 18:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe PRC - [2010-03-02 18:03:18 | 000,247,152 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe PRC - [2009-12-02 17:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009-09-29 09:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe PRC - [2009-09-29 09:52:52 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008-12-31 16:19:56 | 000,102,400 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe PRC - [2008-06-27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe PRC - [2008-06-27 17:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe PRC - [2008-06-19 14:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008-06-19 14:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008-04-27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
-- C:\Windows\System32\vfsFPService.exe PRC - [2008-04-26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe PRC - [2007-12-13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-08-22 10:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011-08-22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011-08-22 10:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011-08-22 10:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011-08-22 10:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011-08-22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011-08-22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011-08-22 10:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011-03-27 13:11:42 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\24c6417baba7ca153d53c9977fc5c008\System.Data.SqlServerCe.ni.dll MOD - [2010-08-24 11:43:06 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\32e6bf88bb0dcdad040abc8ad97cab83\System.EnterpriseServices.ni.dll MOD - [2010-08-24 11:43:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9f38a2b0adadce82d09209811af4043e\System.Transactions.ni.dll MOD - [2010-08-24 11:43:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll MOD - [2010-08-24 11:37:34 | 
005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll MOD - [2010-08-24 11:37:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll MOD - [2010-08-24 11:36:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll MOD - [2010-08-24 11:36:11 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\cc009a955f4b35c344c2f9aaf453f329\System.Data.ni.dll MOD - [2010-08-24 11:35:10 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll MOD - [2010-08-24 11:34:36 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll MOD - [2010-03-02 18:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe MOD - [2009-09-04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009-03-31 20:05:12 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2009-03-30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009-03-30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008-06-25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2008-06-19 14:10:46 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll [color=#E56717]========== Win32 Services (SafeList) 
==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (gusvc) SRV - [2011-09-22 00:39:19 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai) SRV - [2011-08-12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011-08-03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-04-07 17:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010-08-12 15:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2010-08-12 15:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010-03-02 18:03:18 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe -- (UI Assistant Service) SRV - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009-09-29 09:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009-01-08 09:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro) SRV - [2008-12-31 16:19:56 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service) SRV - [2008-12-22 12:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008-06-27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe -- (AESTFilters) SRV - [2008-06-27 17:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe -- (STacSV) SRV - [2008-04-27 23:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008-04-26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-12-17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007-01-11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-08-03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-05-10 11:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011-04-11 15:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3avs.sys -- (rig3avs) DRV - [2011-04-11 15:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3usb.sys -- (rig3usb_svc) DRV - [2011-04-11 15:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rig3usb.sys -- (rig3usb) DRV - [2010-07-29 14:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2010-07-29 14:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2010-07-29 14:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-07-29 14:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2010-07-29 14:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2010-06-23 10:23:46 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010-02-22 04:22:16 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-01-18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010-01-18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010-01-18 12:21:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010-01-18 12:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-11-02 10:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-06-10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) 
DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008-12-21 12:04:46 | 000,012,800 | ---- | M] (The One Technology) [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2008-11-17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008-08-07 15:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008-08-07 15:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-07-08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-06-27 17:44:18 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-05-02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-27 23:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008-01-24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-11-08 22:51:54 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DFUUsb.sys -- (DfuUsb)
DRV - [2007-10-24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-03-19 15:40:34 | 000,060,288 | ---- | M] (The One Technology) [Kernel | System | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd17.sys -- (mvd17)
DRV - [2006-11-02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2001-04-13 20:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tvn24-stream.onet.pl/nazywo.html
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ing.pl/u235/navi/35"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-05-31 15:32:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-11-11 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-21 22:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-21 22:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-12-24 17:19:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009-11-11 15:56:56 | 000,000,000 | ---D | M]

[2010-08-20 18:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAROL\AppData\Roaming\mozilla\Extensions
[2011-09-21 23:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions
[2011-08-31 17:08:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}(326)
[2010-09-13 11:38:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\KAROL\AppData\Roaming\mozilla\Firefox\Profiles\z415x1dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-08-23 16:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-08-23 16:04:27 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-02-19 18:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\KAROL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z415X1DC.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E}
[2011-08-17 17:20:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-02-19 18:41:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

O1 HOSTS File: ([2011-09-30 16:48:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\KAROL\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Netia\Mobilny Internet\UIExec.exe ()
O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26341FCD-81FE-4D84-8CA0-32FF1A916BAF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{735E993C-5694-41FE-AE50-2F67F74D3FF3}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KAROL\Pictures\Ustroń\Pies ogrodnika.JPG
O24 - Desktop BackupWallPaper: C:\Users\KAROL\Pictures\Ustroń\Pies ogrodnika.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-03-22 10:11:42 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-10-02 11:37:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011-09-30 16:56:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-09-30 16:53:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-09-30 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Local\temp
[2011-09-30 16:10:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-09-30 16:02:42 | 004,237,063 | ---- | C] (Swearware) -- C:\Users\KAROL\Desktop\ComboFix.exe
[2011-09-29 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\TDSSKiller
[2011-09-29 18:37:43 | 000,592,952 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\KAROL\Desktop\SPTDinst-v179-x86.exe
[2011-09-29 14:51:32 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Documents\My Photos
[2011-09-29 14:51:32 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Documents\My Documents
[2011-09-29 14:42:15 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011-09-29 14:42:05 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Local\Htc
[2011-09-29 14:40:37 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\HTC
[2011-09-29 14:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011-09-29 14:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011-09-29 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011-09-29 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011-09-28 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\Gmerlog
[2011-09-28 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\Defoggerantideamn
[2011-09-28 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\OTL
[2011-09-28 14:33:38 | 000,000,000 | ---D | C] -- C:\symbols
[2011-09-24 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
[2011-09-24 21:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\VASSAL
[2011-09-23 13:57:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2011-09-22 22:09:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011-09-22 21:57:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011-09-22 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\Malwarebytes
[2011-09-22 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-09-22 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-09-22 16:12:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-09-22 16:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-09-22 14:14:52 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011-09-22 14:14:52 | 002,558,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011-09-22 14:14:52 | 000,309,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2011-09-22 14:14:52 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2011-09-22 14:14:51 | 003,730,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011-09-22 14:14:51 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011-09-22 14:14:49 | 000,600,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011-09-22 14:11:56 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011-09-22 14:11:56 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011-09-22 14:11:56 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011-09-22 14:11:55 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011-09-22 14:11:55 | 010,304,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011-09-22 14:11:55 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011-09-22 14:11:55 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011-09-22 14:11:55 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011-09-22 14:11:55 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2011-09-22 14:11:55 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2011-09-22 13:51:13 | 000,000,000 | ---D | C] -- C:\Users\KAROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
[2011-09-22 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2011-09-22 13:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2011-09-22 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2011-09-22 13:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
[2011-09-22 13:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2011-09-22 13:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011-09-22 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\windbg
[2011-09-22 13:27:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A07F7F49-03B9-4B8B-A266-07563B0278A6}
[2011-09-22 01:03:46 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\memtest
[2011-09-21 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{72f8c2ce-4d47-4424-a8c9-0fa117485c4b}
[2011-09-21 17:42:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\Desktop\welt
[2011-09-21 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{06df778f-f510-48fd-ac57-0ce755d06ae7}
[2011-09-21 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{664d8a28-393c-4ae0-8096-bfa55d4f3dca}
[2011-09-21 16:44:28 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{be498c9c-a804-4c58-8f3e-fb7bffd0eada}
[2011-09-21 16:09:16 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{6b8dd61f-ed0e-4414-b95a-16d4a4a7011d}
[2011-09-21 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\KAROL\{d25a5af4-715e-4d0d-a31a-5bee1578b5b5}
[2009-02-19 21:44:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009-02-19 21:44:02 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009-02-19 21:44:02 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009-02-19 21:44:01 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009-02-19 21:44:01 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-10-02 11:34:33 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-10-02 11:31:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-10-02 11:15:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-10-02 11:15:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-10-02 11:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-10-02 00:18:52 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-09-30 21:22:39 | 000,607,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-09-30 21:22:39 | 000,137,286 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-09-30 21:22:39 | 000,108,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-09-30 21:22:39 | 000,013,218 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-09-30 16:48:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-09-30 16:03:03 | 004,237,063 | ---- | M] (Swearware) -- C:\Users\KAROL\Desktop\ComboFix.exe
[2011-09-29 22:50:55 | 000,000,512 | ---- | M] () -- C:\Users\KAROL\Desktop\MBRCheck_MBR_Backup_09-29-11_22-50-55.bak
[2011-09-29 22:44:10 | 000,080,384 | ---- | M] () -- C:\Users\KAROL\Desktop\MBRCheck.exe
[2011-09-29 18:37:43 | 000,592,952 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\KAROL\Desktop\SPTDinst-v179-x86.exe
[2011-09-29 14:50:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011-09-29 14:40:27 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011-09-28 17:39:52 | 000,000,020 | ---- | M] () -- C:\Users\KAROL\defogger_reenable
[2011-09-28 17:13:32 | 326,315,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-09-28 16:33:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-09-24 21:06:30 | 000,000,736 | ---- | M] () -- C:\Users\KAROL\Desktop\VASSAL.lnk
[2011-09-23 17:30:13 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Pasek TVN24.lnk
[2011-09-22 22:13:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2011-09-22 21:59:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_rig3usb_01009.Wdf
[2011-09-22 16:12:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-09-21 22:55:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKAROL.job
[2011-09-21 16:54:19 | 000,008,484 | ---- | M] () -- C:\Users\KAROL\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-09-29 22:50:55 | 000,000,512 | ---- | C] () -- C:\Users\KAROL\Desktop\MBRCheck_MBR_Backup_09-29-11_22-50-55.bak
[2011-09-29 22:49:20 | 000,080,384 | ---- | C] () -- C:\Users\KAROL\Desktop\MBRCheck.exe
[2011-09-29 14:50:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011-09-29 14:40:27 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011-09-28 17:39:35 | 000,000,020 | ---- | C] () -- C:\Users\KAROL\defogger_reenable
[2011-09-23 17:30:13 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Pasek TVN24.lnk
[2011-09-22 22:13:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2011-09-22 21:59:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_rig3usb_01009.Wdf
[2011-09-22 16:12:27 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-09-22 14:11:55 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011-03-18 01:16:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6AF4210023.sys
[2011-03-17 22:22:21 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-11-26 01:39:47 | 000,000,391 | ---- | C] () -- C:\Windows\crownofglory.ini
[2010-11-01 17:43:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010-08-20 18:57:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-07-09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010-03-18 00:46:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-03-18 00:46:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-02-08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll
[2009-11-22 21:52:05 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2009-09-17 21:29:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-09-17 21:29:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-09-13 13:13:40 | 000,000,155 | ---- | C] () -- C:\Windows\mistrz.ini
[2009-09-02 17:30:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\t5clientGateWriter.dll
[2009-09-02 17:30:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\t5clientGateCalc.dll
[2009-08-10 12:07:33 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xerces-depdom_2_7.dll
[2009-08-10 12:06:58 | 001,409,024 | ---- | C] () -- C:\Windows\System32\t5core-1.0.dll
[2009-08-10 09:26:01 | 010,166,272 | ---- | C] () -- C:\Windows\System32\icudt36.DLL
[2009-07-24 20:35:00 | 000,000,026 | ---- | C] () -- C:\Windows\CDE SX200EXPORT.ini
[2009-07-20 21:17:58 | 000,122,880 | ---- | C] () -- C:\Windows\System32\AitVirtualComInstall.exe
[2009-07-20 21:10:48 | 000,307,200 | ---- | C] () -- C:\Windows\System32\InstallVCOM.exe
[2009-04-24 00:52:21 | 000,005,236 | ---- | C] () -- C:\Users\KAROL\AppData\Local\unins000.dat
[2009-04-19 16:36:45 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2009-04-15 11:02:05 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009-04-09 19:03:51 | 000,138,584 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-04-09 19:03:39 | 000,189,672 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-04-09 19:03:30 | 000,070,968 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009-03-25 22:17:22 | 000,000,026 | ---- | C] () -- C:\Windows\CDER220EDFNSCPHGT.ini
[2009-03-25 21:43:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009-03-25 21:43:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009-03-25 21:43:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009-03-25 21:43:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009-03-25 21:43:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009-03-25 21:43:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009-03-25 21:43:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009-03-25 21:43:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009-03-25 21:43:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009-03-25 21:43:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009-03-25 21:43:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009-03-25 21:43:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009-03-25 21:43:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009-03-25
21:43:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009-03-25 21:43:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009-03-25 21:43:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009-03-25 21:43:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009-03-25 21:43:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009-03-25 21:43:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009-03-23 13:31:47 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2009-03-10 23:52:22 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2009-03-10 23:19:27 | 000,008,484 | ---- | C] () -- C:\Users\KAROL\AppData\Local\d3d9caps.dat [2009-03-07 11:50:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009-02-23 19:08:27 | 000,000,470 | ---- | C] () -- C:\Users\KAROL\AppData\Roaming\wklnhst.dat [2009-02-21 20:40:15 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-02-21 20:40:13 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-02-21 20:40:13 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-02-21 20:40:13 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-02-21 20:40:11 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-02-20 00:02:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009-02-19 22:34:29 | 000,052,736 | ---- | C] () -- C:\Users\KAROL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-03 19:45:03 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini [2008-11-03 19:05:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008-11-03 18:55:25 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008-08-25 16:31:45 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2008-08-25 16:31:45 | 
000,137,286 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2008-08-25 16:31:45 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2008-08-25 16:31:45 | 000,013,218 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2008-05-04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll [2008-01-21 04:24:21 | 000,007,532 | ---- | C] () -- C:\Windows\System32\NT47AEX.DLL [2008-01-16 07:41:26 | 000,019,968 | ---- | C] () -- C:\Windows\System32\ttmsoutlook1.dll [2008-01-16 07:41:24 | 000,022,528 | ---- | C] () -- C:\Windows\System32\ttmsoffice1.dll [2007-11-14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006-12-18 15:10:38 | 000,474,112 | ---- | C] () -- C:\Windows\System32\log4cplus_dll.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,381,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,607,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,108,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | 
---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2009-03-29 01:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Avanquest [2009-12-30 11:22:00 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\BitTorrent [2009-02-22 01:46:12 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\DigitalPersona [2009-09-10 23:54:32 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\EPSON [2011-02-25 17:24:59 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\ESET [2009-05-01 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Nowe Gadu-Gadu [2009-12-23 02:16:11 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Avanquest [2011-02-03 12:55:42 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Bentley [2009-10-09 00:17:39 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\BitTorrent [2010-11-11 20:46:23 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\blueconnect [2009-10-17 17:49:42 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DAEMON Tools Lite [2009-02-19 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DigitalPersona [2010-04-23 23:12:50 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\DNA [2011-09-22 16:20:01 | 000,000,000 | -H-D | M] -- C:\Users\KAROL\AppData\Roaming\drivers [2009-04-24 00:50:53 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2009-08-07 11:11:22 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\EPSON [2010-12-24 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\ESET [2010-09-06 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Gadu-Gadu 10 [2011-07-22 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\GARMIN [2010-09-07 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\gtk-2.0 [2011-09-29 14:42:06 | 000,000,000 | 
---D | M] -- C:\Users\KAROL\AppData\Roaming\HTC [2011-09-29 14:42:15 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2010-11-18 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\ipla [2009-09-19 23:41:31 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\LimeWire [2010-01-05 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Moje pliki Bitwy o Śródziemie™ II [2010-11-13 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\My Games [2009-07-08 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Nokia [2009-04-12 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Nowe Gadu-Gadu [2010-11-27 17:47:36 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\OpenFM [2009-07-08 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\PC Suite [2010-03-02 02:02:34 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\POLENG [2010-03-18 00:45:38 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Samsung [2009-03-12 21:37:54 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Steinberg [2010-03-02 02:03:18 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\T6 [2009-02-23 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Template [2010-03-02 01:38:08 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\The Creative Assembly [2009-03-08 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Tibia [2011-03-18 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Ulead Systems [2009-03-15 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\VST3 Presets [2009-03-14 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Waves [2009-03-14 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\KAROL\AppData\Roaming\Waves Preferences [2010-05-15 12:50:35 | 000,000,000 | ---D | M] -- 
C:\Users\Paweł\AppData\Roaming\Avanquest [2010-05-15 14:01:58 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\Bentley [2010-05-15 13:35:15 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\DAEMON Tools Lite [2010-05-15 10:55:24 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\DigitalPersona [2010-12-31 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Paweł\AppData\Roaming\ESET [2011-10-02 00:18:53 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] OTL Extras log: [log]OTL Extras logfile created on: 2011-10-02 11:49:44 - Run 2 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\KAROL\Desktop\OTL Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,71% Memory free 6,19 Gb Paging File | 4,83 Gb Available in Paging File | 77,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 290,08 Gb Total Space | 62,76 Gb Free Space | 21,64% Space Free | Partition Type: NTFS Drive D: | 8,01 Gb Total Space | 1,09 Gb Free Space | 13,62% Space Free | Partition Type: NTFS Drive E: | 613,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KAROL-PC | User Name: KAROL | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [command] -- Reg Error: Key error. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Przeglądaj za pomocą programu h Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) 
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3384155157-3980012862-2537522586-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F2A23BB-10C6-4CDB-BC2C-DD5B4380FBA6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{10558D5B-8FE8-41FE-B80F-2787CECC2326}" = lport=139 | protocol=6 | dir=in | app=system | "{3201567D-72D4-4521-8349-A5718D28056E}" = rport=139 | protocol=6 | dir=out | app=system | "{43502B8F-C33E-434E-B771-30BCC5456BAA}" = lport=137 | protocol=17 | dir=in | app=system | "{4C24480E-37E3-48B6-BB83-2F267FA63BB9}" = lport=445 | protocol=6 | dir=in | app=system | "{58F3A70D-3FBA-4E7A-97AA-7EE079690C1E}" = lport=138 | protocol=17 | dir=in | app=system | "{7794642B-B3D7-4C04-92AC-E60459234BD7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{9230A8EA-662A-440C-A406-A0F832305254}" = rport=445 | protocol=6 | dir=out | app=system | "{9E8E5D25-05C5-4836-8723-071935F8A372}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B718073D-23C0-4C6A-AED9-84F780878196}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{BDE12523-D368-4245-ACC6-046DFBD7D08F}" = rport=138 | protocol=17 | dir=out | app=system | "{CADD605D-3586-4F6A-8F13-6E8A0FF11A63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E9397464-37DD-4C27-8558-68F469117785}" = lport=2869 | protocol=6 | dir=in | app=system | "{EA9CBFA9-D996-4941-A897-A672853DA17C}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0004BB2E-8113-4099-8871-25726C4CE66E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00F1B183-C1E7-46CD-B89E-CAA7E26922E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{024D64C2-268B-4432-924C-67932171A991}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{080A68CF-4FF3-4FE7-9903-F3E75D33D9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{09792CC4-17A8-4F0F-B662-9CC78F63B200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1555006F-471F-492F-8382-6BEE899692ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1650225B-B2C2-4BC8-B258-5EC4466023DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1669F832-6E21-4C66-A43E-28578743418B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16DC2527-6C5F-484C-A025-7A9447874ED4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19053D5E-1A48-4135-8810-4241BF5896AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B490312-DCD5-4D2D-B6BF-64A9840E753B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1BD0D3A6-F0D8-409A-A60F-B2B9278ED68F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F339D6D-BE60-4E43-939E-F2050EFB80F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{21FB1D28-8B1B-4106-A230-EBADFBBF84E8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{23CB4C6D-D6C2-4D8B-B788-50C5184E350F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{244E4EF6-D6EA-4ACE-A53F-481AC907D053}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A88864D-3595-4636-9FA1-18211CDCD1E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2DC8A5C8-B204-4F51-BBC3-636168FBEBC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2F00E279-30C7-447C-8AFA-B3873BA1CE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33BD4E75-924B-456F-9E77-07569292E26C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39B15C46-F34B-4325-902A-0F6BA54C6E2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AEF5142-08F7-4D04-A6F1-44AC9AD4A065}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{3C777A22-C097-43AC-9E4E-9386A2A2365E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3DE6D2EC-E994-4465-B30A-13E3A767C3D5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{3ECC1D67-3EC2-41B7-91D4-B6EFE88AD4F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40CF049C-F05F-45D1-AF65-8246E01B70FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{416D2052-B6E0-4D4C-9474-1F68F36FCB01}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bitwa o śródziemie ii\game.dat | "{43281175-D67F-464E-AFEC-4C84FFBA7FA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{444BA288-46AF-443C-BA26-D2BAAC7032AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{459849E3-3571-4E9F-B5BD-8A484B4EAC73}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47217946-8E7E-420E-976D-3B5AD639ECE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47349F4E-0817-4566-95C3-12B6F506B097}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47F31D22-DF0F-400C-BEF0-8314FC6A3CB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48C0183F-A436-44C8-BEE2-F7255B1D4BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A4939D8-F461-4967-B05B-F38C6B5DD491}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BC9F6FC-FA9B-4DB3-B891-1AD0AD6C51A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BE1A408-4106-414D-8835-03271C8142E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EC5B852-639A-42CB-8770-33E36E94A98F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55D089F6-42A9-47B3-9FAA-F375799B88CE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bitwa o śródziemie ii\game.dat | "{5713EDA6-B44E-4D11-B22D-0B803311CFC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{573417CD-AA1A-4989-A008-C9FE5467999D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B3C87B4-711C-421B-9D09-77EE323E3516}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{5C43A0E2-59F8-4247-966C-5B2C1D8650A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D59DE61-C3E9-4929-9C45-B42DEBA268DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5ED3FDB4-A439-4547-B27F-4C3B073C3C23}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5FBC68EC-36B3-4854-BAF4-37125568C567}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{634E1757-4AEC-41D2-B035-B5CAFB2DA69C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6522CA01-5F2D-4E0C-97A4-FC2462755AEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{667B01E7-4746-4E08-9147-47D9DD3BC7A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{68132967-1FF9-4B4E-A7E4-AC02DAAD0E59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69B3F3A4-5088-4D95-9632-DC35C07D4358}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{6E072742-4D4B-4003-81D6-6557809065EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7043EEA2-3D74-47C7-811F-7E1D2642B599}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{70BBEA19-F878-4A32-A35E-9E5C28D3CB52}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72DAC267-0F55-4D64-AD54-5770491121D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{731B2D94-A41A-4B81-B0AA-626D9649C4AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7456ED09-1D66-4700-9852-B93FF497AEA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74E9261B-BF3C-4966-83D4-A4C3146B1B88}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{756E018F-D0CE-46C6-B665-13CC501120CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77A0AD32-304E-469D-89F1-E01B6C60A979}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78C814F0-41DD-44CE-9380-3A44C9B144D2}" = protocol=6 | dir=in | 
app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{7B8E2363-9425-4162-AF70-D7F0AF879E44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E574172-27BF-40C3-A23E-497FB303D555}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EAB9380-3519-4273-91DA-6DAC427DE263}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{820EDC73-13AB-4054-AAFC-59DD88AEA071}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8446D91E-A088-43BA-AA7B-1DB68D2E3A27}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{859A0889-36B9-4BA0-A3C3-CDF82535B161}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8989A37E-88A0-4074-B966-F8610F6A4A75}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8AB9CDDF-995C-4779-9FE4-D1B7A37342C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90310C12-F0F5-45D8-9CA4-F560B532D8ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{927A709E-A7B9-4048-B965-85AB73A242B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92A99139-EFBF-4264-84BB-A5B25E68BFAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{953F8075-508F-4EFC-ACEA-5DB8C7F43CAC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{9655E8C6-4DB6-4F03-9EB5-AEF76E7ED015}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97F5EEEB-5BDB-4D32-B6AF-0040EF0EE880}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{992456E6-91E0-4D06-A26B-8024D7BB778C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{9A988901-5D98-4865-B869-209B84767EF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E05AFE7-BE8F-4C95-B06A-7B161F3A355C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A05AE27B-0FAD-4432-B56B-0CF140FF4434}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A131EBC8-F07C-4F33-861C-C9E6FC740A07}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{A56F20A9-B2A3-4715-B985-B237FA811B45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9B97A7F-E18A-4101-8DB7-D5FBCEDE4DF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE7E8B39-3510-4DE7-8082-F1089B69EDFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B092DF4E-41EF-48EA-BF10-D5A57E7E1FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B6D16B62-F52A-4216-9CD1-0A848970AA8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7248D36-8FDB-4434-96B1-A861088C0F70}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B92DA10C-ECB3-4023-99D7-17391FA1973F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{C1B3C154-9592-46AB-9E87-6B71438AF817}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C27C12B4-3584-4B34-A095-9AA485E63F1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C49367C2-3F0B-4450-AE05-0B097AA780C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C56CF1AE-EF43-48CE-8062-5647B588F873}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C5B40DED-E548-4E6E-90BF-68E34B0B1F2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6AB59D0-FDDD-4688-8A48-6626D58F949B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8B00D1B-B302-4D69-9E87-A8D30305B468}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8E028E0-AF44-4C52-AE70-73053DFD3822}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2A223E2-14C9-4ACA-B018-B2B8A71FBA3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2D9B6AD-EE65-479E-9D2B-CABB237F8AA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D3D64D29-E99B-4C36-AAA1-59A44121F4B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D42EC6E3-C0DC-47A1-B37F-1191F79934B9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D4F151F9-1081-4994-B1C7-3EEE6AFFAF2C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D594564B-D53F-40A8-AC84-000BA5EEA3FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D8C6C58C-920C-4D90-BC44-62F84D37802B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D94A7647-BD8C-4E76-96FE-2FB01AAE81BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC9155E9-90F8-4606-B0A9-A30E69B018EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1ABCE58-56D4-407B-AD57-7CFB94A99DFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4BD6B49-6E6B-4AD9-9ED2-9340A3E391DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5603646-11BD-47FE-A88B-5F4EE188F2C4}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{E63AF067-194D-45C1-A4DF-CB0D1B87813E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E69C7FDF-AE87-411B-AA22-C628921C4C4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E7C61BAB-F970-4D13-9107-C5DA3E6A374F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E81433A9-712F-4B8B-8389-A28568041E70}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9469CBB-F4EF-4977-8666-8C5BA89245EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA5E385A-05D9-49E0-9EA6-F319C642D6C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EADC4791-48F7-4BA5-BE96-65768DA01E8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED8A6D02-60AE-4B31-AF71-4DF6C4FFA6A5}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{F328FA08-D53B-4D99-9C37-2E780913C4D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F64D3AA9-9D79-4F19-8167-D96FC035B3E1}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{F6A1F6B4-E396-4B6F-BC87-A2F63CECC6BF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{F95CC508-264B-4710-9DB1-E73B81E4A6C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FB3B10B4-568C-47EA-9B32-0DDFC3108E33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC0FA5EC-7B0A-4B6B-B7B0-D3C9FD93783D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FDC59FCF-9F87-4F3C-9222-DABF7101B88B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF22A23B-6D30-4AC1-B7FE-6A4B1960B9AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3 "_{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Project Creator "{00473C7D-1789-4873-9A75-96647FB01D27}" = Translatica 7 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{10A44844-4465-456E-8C97-80BDD4F68845}" = Asystent rejestrowania za pomocą identyfikatora Windows Live "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11 "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{223818EB-2BB5-4AAD-9F38-BA9668A4E3F3}" = Windows Live Messenger "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie™ II "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{306B39C9-3AB1-4161-8567-9C7E50B41AE3}" = Microsoft Works "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2 "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7 "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{472ABCE2-5B2E-4D29-ABF4-94E1097558A6}" = Diplomacy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2 "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{62621555-6310-433D-983E-957D707DC535}" = ESET Smart Security "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514) "{6D3A83A6-8F72-4354-A80D-721D1E54FC76}" = Garmin City Navigator Europe NT 2012.20 Update "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer 
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514) "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE "{804EC265-0837-4694-8324-7D385A08319F}" = Hearts of Iron III "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88CF7ACB-6A31-4EB0-9BA3-5C54D314620C}_is1" = Pasek TVN24 wersja 1.13 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core "{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - English "{91120415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1) "{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - 
PL "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{97AFC99F-3E90-4A9F-B4BA-CFDDB9785FDC}" = Jupiter 2008 Standard "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6EC5250-2E27-1B1C-2283-BBD468EEB1B9}" = e-Deklaracje "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A84C785A-0796-4BED-9BC3-EFB6C4F12602}" = Mirar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobilny Internet "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4 "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.44 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements "{B1FD6402-6414-42B6-BD77-22F43087D783}" = Gary Grigsby's World At War "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 280.19 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103 "{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86) "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic 
for Applications (R) Core - English "{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DD876490-252F-4EEF-B205-2E8F5A6E523B}" = ProtectSmart Hard Drive Protection "{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3 "{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent "{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL "{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW "{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM "{DF4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro "{DF4ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share "{DF612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{DF75FFEE-2FCE-4774-902A-749198C00A68}" = PureHD "{DF99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_PRJ "{DFAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{DFBCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO "{DFC02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD "{DFC4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO "{DFD99A66-493F-468B-BCE1-6F88612B89D5}" = Contents "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F01B7EF4-F487-4948-AA18-5332FE5495C9}" = Medieval - Total War - Złota Edycja "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F37ACB45-F73B-47A2-BCE5-3019312D8A06}" = GPMapa 2009.3 "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter 
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "ALLConverter to 3GP_is1" = ALLConverter to 3GP "ALLPlayer_is1" = ALLPlayer V4.X "Alpha ASIO driver" = Lexicon Alpha ASIO (remove only) "AOL Toolbar" = Pasek narzędzi AOL 5.0 "BB_is1" = RealDrums Set 14 "blueconnect" = blueconnect "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Counter-Strike 1.6" = Counter-Strike 1.6 "Crown Of Glory1.10" = Crown Of Glory "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "eMule" = eMule "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! 
"EPSON Scanner" = EPSON Scan "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "EPSON Stylus SX200_SX400_TX200_TX400 Przewodnik użytkownika" = EPSON Stylus SX200_SX400_TX200_TX400 Podręcznik "ForteDXi_is1" = ForteDXi 1.6 "Gadu-Gadu 10" = Gadu-Gadu 10 "GameSpy Arcade" = GameSpy Arcade "Gary Grigsby's World At War1.040" = Gary Grigsby's World At War "Google Chrome" = Google Chrome "Guitar Pro 4.0.7" = Guitar Pro 4.0.7 "IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard "InstallShield_{97AFC99F-3E90-4A9F-B4BA-CFDDB9785FDC}" = Jupiter 2008 Standard "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F01B7EF4-F487-4948-AA18-5332FE5495C9}" = Medieval - Total War - Złota Edycja "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Instrukcja użytkownika ESPR220" = Instrukcja użytkownika ESPR220 "ipla" = ipla 2.2 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full) "LexiconStudio" = Lexicon Pantheon VST Plug-in (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mistrz Klawiatury 1.0_is1" = Mistrz Klawiatury 1.0 "Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl) "Narodziny Ameryki_is1" = Narodziny Ameryki "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 3" = Native 
Instruments Guitar Rig 3 "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Kontakt Player Sibelius" = Native Instruments Kontakt Player Sibelius "Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3 "Native Instruments Service Center" = Native Instruments Service Center "Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "OpenAL" = OpenAL "Pasek TVN24" = Pasek TVN24 1.11 "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1 "RealPlayer 6.0" = RealPlayer "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "Sibelius 3" = Sibelius 3 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Steam App 34030" = Napoleon: Total War "Steam App 63950" = IL-2 Sturmovik: Cliffs of Dover "Syncrosoft License Control" = Syncrosoft License Control "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VASSAL (3.1.16)" = VASSAL (3.1.16) "Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10 "Waves GTR 3" = Waves GTR 3 "Wielka Encyklopedia Roślin" = Wielka Encyklopedia Roślin "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar 
"Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.6 "WinKalk" = WinKalk "WinRAR archiver" = Archiwizator WinRAR "Xfire" = Xfire (remove only) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3384155157-3980012862-2537522586-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "VASSAL" = VASSAL [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-09-21 03:11:50 | Computer Name = KAROL-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2010-09-22 03:24:49 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-23 02:54:07 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-23 12:46:25 | Computer Name = KAROL-PC | Source = Google Update | ID = 20 Description = Error - 2010-09-23 16:52:29 | Computer Name = KAROL-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd POWERPNT.EXE, wersja 11.0.8324.0, sygnatura czasowa 0x4bc93678, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000005, przesunięcie błędu 0x0003974e, identyfikator procesu 0x1358, godzina rozpoczęcia aplikacji 0x01cb5b57f4676410. 
Error - 2010-09-24 03:53:37 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-25 03:16:03 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 03:09:27 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 04:05:42 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-09-26 05:24:05 | Computer Name = KAROL-PC | Source = WinMgmt | ID = 10 Description = [ DigitalPersona Pro Events ] Error - 2009-04-14 08:01:44 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-14 08:01:49 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-14 08:02:03 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-25 16:15:26 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2009-04-25 16:15:31 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2001-01-01 21:27:43 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827841 Description = One-to-one fingerprint match failed. Error - 2010-01-18 07:17:06 | Computer Name = KAROL-PC | Source = DigitalPersona Pro | ID = 17827589 Description = DPHost cannot start. Error: 0x8009000f [ Media Center Events ] Error - 2009-03-25 03:16:47 | Computer Name = KAROL-PC | Source = MCUpdate | ID = 0 Description = Oczekiwanie na obiekt mutex funkcji MCUpdate nie powiodło się i zgłoszono wyjątek: Oczekiwanie zakończone z powodu porzuconego elementu mutex.. 
Error - 2010-01-03 07:43:33 | Computer Name = KAROL-PC | Source = Media Center Guide | ID = 0 Description = Informacje o zdarzeniu: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Proces: DefaultDomain Nazwa obiektu: Media Center Guide Error - 2010-06-03 17:07:38 | Computer Name = KAROL-PC | Source = Media Center Guide | ID = 0 Description = Informacje o zdarzeniu: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109 Proces: DefaultDomain Nazwa obiektu: Media Center Guide [ System Events ] Error - 2011-09-30 10:29:49 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-09-30 10:30:34 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-09-30 11:16:49 | Computer Name = KAROL-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-01 03:13:09 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-10-01 03:13:59 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-10-01 11:12:12 | Computer Name = KAROL-PC | Source = DCOM | ID = 10005 Description = Error - 2011-10-02 05:16:25 | Computer Name = KAROL-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 2011-10-02 05:17:15 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-10-02 05:37:14 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7034 Description = Error - 2011-10-02 05:37:14 | Computer Name = KAROL-PC | Source = Service Control Manager | ID = 7034 Description = [ Translatica Events ] Error - 2010-08-02 17:06:31 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. 
Error - 2010-08-03 14:00:54 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-11 17:29:38 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-12 05:46:45 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 07:23:38 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 17:52:29 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-14 17:54:19 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-16 15:59:16 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-16 16:24:24 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. Error - 2010-08-17 18:28:00 | Computer Name = KAROL-PC | Source = StartScreen | ID = 0 Description = Nie można odnaleźć pliku 'C:\Users\KAROL\AppData\Roaming\Mozilla\Firefox\profiles.ini'. < End of report > [/log]

By the way, I've noticed that the BSOD no longer appears, but I don't know whether it has been fixed or whether whatever causes it has simply been deactivated (the virtual drive). Just my thought. Regards
Guest, comment posted 2 October 2011

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:

[php]:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-3384155157-3980012862-2537522586-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
FF - prefs.js..browser.startup.homepage: "http://www.ing.pl/u235/navi/35"
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3384155157-3980012862-2537522586-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O33 - MountPoints2\{079d6d45-a137-11de-b381-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{079d6d45-a137-11de-b381-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a0d7c58-edc5-11df-abe4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0a0d7c58-edc5-11df-abe4-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a0d7c96-edc5-11df-abe4-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{0a0d7c96-edc5-11df-abe4-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3f4cd2ae-6d39-11de-bbb4-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{3f4cd2ae-6d39-11de-bbb4-00235aa3678a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f4cd2e4-6d39-11de-bbb4-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{3f4cd2e4-6d39-11de-bbb4-00235aa3678a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{497e8cee-a1dd-11de-8e95-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{497e8cee-a1dd-11de-8e95-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4fa324c8-45f1-11de-8642-002186c9e731}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
O33 - MountPoints2\{4fa324c8-45f1-11de-8642-002186c9e731}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
O33 - MountPoints2\{55b25d95-bb33-11de-b450-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{55b25d95-bb33-11de-b450-002186c9e731}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{78666a58-1f59-11df-8393-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{78666a58-1f59-11df-8393-002186c9e731}\Shell\AutoRun\command - "" = F:\hom&m3gepl.exe
O33 - MountPoints2\{8a534210-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{8a534210-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a53422f-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{8a53422f-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a534244-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{8a534244-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8a534279-a102-11de-aee5-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{8a534279-a102-11de-aee5-002186c9e731}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8f43ff0e-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f43ff0e-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8f43ff39-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f43ff39-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8f43ff3e-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f43ff3e-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8f43ff41-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f43ff41-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8f43ff46-edc8-11df-9aef-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f43ff46-edc8-11df-9aef-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{92836121-d296-11de-bba3-002186c9e731}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
O33 - MountPoints2\{949d1381-b821-11e0-9426-002186c9e731}\Shell - "" = AutoRun
O33 - MountPoints2\{949d1381-b821-11e0-9426-002186c9e731}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{949d13bd-b821-11e0-9426-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{949d13bd-b821-11e0-9426-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe90c862-ed6c-11df-b23e-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{fe90c862-ed6c-11df-b23e-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff9b51f7-edc1-11df-b455-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff9b51f7-edc1-11df-b455-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff9b5234-edc1-11df-b455-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{ff9b5234-edc1-11df-b455-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff9b523e-edc1-11df-b455-00235aa3678a}\Shell - "" = AutoRun
O33 - MountPoints2\{ff9b523e-edc1-11df-b455-00235aa3678a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

:Commands
[emptyflash]
[emptytemp][/php]

Click [b]Wykonaj skrypt[/b] (Run Fix). Confirm the computer restart. A removal log will be created. Save it and add it to your post. Run a new OTL scan and post the log (I no longer need Extras).
Perfer (Author), comment posted 9 October 2011

Sorry for not writing for so long. It worked, it doesn't crash anymore. I won't post the log, because I'm already away at university and don't have access to the computer (it's my father's). In any case, thanks for the help, it worked! Regards.