bobstar, posted 20 April 2012

Hello. I need some help. When I turn on the laptop (MSI PR600), the system (Vista 32) boots up to the point where a black screen and a cursor appear. To bring up the desktop, I have to press Alt+Ctrl+Del and add a new task, explorer.exe, in Task Manager. Only then does the computer "load" normally and the desktop etc. appear. Logs are below. Please help me fix this problem.

Regards

OTL log: otl.txt

[log]
OTL logfile created on: 2012-04-20 09:38:06 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,10% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,87 Gb Total Space | 3,60 Gb Free Space | 4,06% Space Free | Partition Type: NTFS
Drive E: | 59,20 Gb Total Space | 9,55 Gb Free Space | 16,13% Space Free | Partition Type: NTFS

Computer Name: GOSIA-PC | User Name: Gosia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe PRC - [2012-03-29 16:56:31 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2012-03-03 12:05:37 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe PRC - [2012-02-29 08:55:08 | 017,148,552 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2012-02-24 19:58:24 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011-11-16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2011-08-26 09:51:45 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Gosia\AppData\Local\Google\Update\GoogleUpdate.exe PRC - [2011-06-09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2011-04-13 22:16:03 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2011-04-12 18:07:38 | 000,198,656 | ---- | M] () -- C:\Users\Gosia\winlogon.exe PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-01-19 18:29:02 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009-02-26 13:57:18 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2009-02-26 13:57:16 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2009-02-26 13:57:12 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2009-01-10 04:07:13 | 000,039,408 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008-06-14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe PRC - [2008-05-30 01:22:32 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe PRC - [2008-05-30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe PRC - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe PRC - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008-01-18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-18 23:33:38 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe PRC - [2008-01-18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-18 23:33:16 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-18 23:33:06 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro\o2flash.exe PRC - [2006-12-19 16:23:38 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\winlogon.exe PRC - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () -- C:\Program Files\System Control Manager\edd.exe PRC - [2006-02-28 13:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2005-02-16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe MOD - [2012-03-29 16:56:32 | 001,969,112 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll MOD - [2012-03-29 16:56:32 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\freebl3.dll MOD - [2012-03-29 16:56:32 | 000,033,240 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\mozglue.dll MOD - [2012-03-29 16:56:32 | 000,015,832 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\mozalloc.dll MOD - [2012-03-29 16:56:31 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\nss3.dll MOD - [2012-03-29 16:56:31 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe MOD - [2012-03-29 16:56:31 | 000,371,672 | ---- | M] (sqlite.org) -- C:\Program Files\Mozilla Thunderbird\mozsqlite3.dll MOD - [2012-03-29 16:56:31 | 000,371,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\nssckbi.dll MOD - [2012-03-29 16:56:31 | 000,175,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\nspr4.dll MOD - [2012-03-29 16:56:31 | 000,170,968 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\softokn3.dll MOD - [2012-03-29 16:56:31 | 000,162,776 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012-03-29 16:56:31 | 000,158,680 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files\Mozilla Thunderbird\ssl3.dll MOD - [2012-03-29 16:56:31 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\nssdbm3.dll MOD - [2012-03-29 16:56:31 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\smime3.dll MOD - [2012-03-29 16:56:31 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\nssutil3.dll MOD - [2012-03-29 16:56:31 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\plc4.dll MOD - [2012-03-29 16:56:31 | 000,021,976 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2012-03-29 16:56:31 | 000,018,904 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\plds4.dll MOD - [2012-03-29 16:56:30 | 016,911,320 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\xul.dll MOD - [2012-03-29 16:56:30 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Thunderbird\xpcom.dll MOD - [2012-03-22 12:58:12 | 001,231,472 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6934F32E05F1ABDC.dll MOD - [2012-03-22 12:57:44 | 003,050,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_17695C964715481C.dll MOD - [2012-03-22 12:57:39 | 000,192,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll MOD - [2012-03-21 21:07:37 | 000,821,672 | ---- | M] (Google Inc.) -- C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\goopdate.dll MOD - [2012-03-03 12:05:37 | 008,632,480 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\Flash11f.ocx MOD - [2012-03-03 12:05:37 | 000,335,520 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.dll MOD - [2012-03-03 12:05:37 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe MOD - [2012-02-29 17:11:42 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2012-02-29 17:09:53 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2012-02-29 08:55:08 | 017,148,552 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe MOD - [2012-02-28 03:52:25 | 012,281,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll MOD - [2012-02-28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2012-02-28 03:18:55 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll MOD - [2012-02-28 03:12:01 | 001,103,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2012-02-28 03:11:07 | 001,127,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2012-02-28 03:08:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll MOD - [2012-02-28 03:04:32 | 001,792,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2012-02-28 02:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll MOD - [2012-02-24 19:58:24 | 000,307,824 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe MOD - [2012-02-14 17:45:30 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll MOD - [2012-02-14 17:45:30 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll MOD - [2012-02-13 16:12:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll MOD - [2012-02-13 15:47:57 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll MOD - [2012-02-13 15:44:40 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll MOD - [2012-01-10 21:00:33 | 001,003,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll MOD - [2012-01-10 21:00:33 | 000,150,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011-12-14 18:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2011-11-18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2011-11-16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2011-11-16 18:23:08 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2011-11-16 18:23:05 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll MOD - [2011-10-14 18:03:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2011-09-30 17:57:08 | 000,707,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\wab32.dll MOD - [2011-08-26 09:51:45 | 000,136,176 | ---- | M] (Google Inc.) 
-- C:\Users\Gosia\AppData\Local\Google\Update\GoogleUpdate.exe MOD - [2011-08-25 18:14:01 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2011-08-25 18:14:01 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2011-08-25 15:31:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll MOD - [2011-07-03 01:42:31 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll MOD - [2011-07-03 01:42:31 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll MOD - [2011-06-15 18:12:11 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2011-06-09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe MOD - [2011-05-25 19:29:22 | 000,072,192 | ---- | M] (Martin Prikryl) -- C:\Program Files\WinSCP\DragExt.dll MOD - [2011-05-02 19:16:14 | 000,739,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll MOD - [2011-04-13 22:16:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll MOD - [2011-04-13 22:16:03 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe MOD - [2011-04-13 22:16:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll MOD - [2011-04-13 22:16:02 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll MOD - [2011-04-13 22:16:02 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll MOD - [2011-04-13 22:16:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll MOD - [2011-04-13 22:16:02 | 000,193,536 | ---- | M] 
(Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll MOD - [2011-04-13 22:16:01 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll MOD - [2011-04-13 22:16:00 | 000,766,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll MOD - [2011-04-13 22:16:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll MOD - [2011-04-12 18:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-04-12 18:07:38 | 000,198,656 | ---- | M] () -- C:\Users\Gosia\winlogon.exe MOD - [2011-03-03 17:40:05 | 000,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll MOD - [2011-03-03 17:40:05 | 000,458,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll MOD - [2011-03-02 17:44:26 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2011-01-20 18:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll MOD - [2011-01-20 18:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll MOD - [2011-01-20 18:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll MOD - [2011-01-20 18:07:42 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2011-01-20 18:07:16 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2011-01-20 18:07:03 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-11-04 20:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll MOD - 
[2010-11-04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll MOD - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010-08-31 17:43:52 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll MOD - [2010-08-26 18:37:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll MOD - [2010-08-12 15:54:30 | 000,105,952 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-06-18 19:31:29 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll MOD - [2010-06-11 18:15:06 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll MOD - [2010-05-04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2010-01-29 17:40:43 | 001,616,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\msoe.dll MOD - [2010-01-19 18:29:02 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe MOD - [2010-01-19 18:24:44 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll MOD - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) 
-- C:\Program Files\PowerISO\PWRISOVM.EXE MOD - [2009-11-09 05:15:42 | 000,163,840 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOSH.DLL MOD - [2009-10-23 19:10:19 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl MOD - [2009-10-01 03:02:04 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2009-10-01 03:02:02 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2009-10-01 03:01:59 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll MOD - [2009-09-25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009-09-25 04:07:08 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll MOD - [2009-09-04 13:41:59 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2009-08-11 18:44:26 | 001,401,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-11 21:01:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-06-15 16:51:38 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll MOD - [2009-04-30 16:01:00 | 000,109,080 | ---- | M] (Logitech Inc.) 
-- C:\Windows\TEMP\logishrd\LVPrcInj01.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:26 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2009-04-11 08:28:26 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll MOD - [2009-04-11 08:28:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 08:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2009-04-11 08:28:25 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 08:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll MOD - [2009-04-11 08:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2009-04-11 08:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-04-11 08:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2009-04-11 08:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 08:28:24 | 
001,576,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll MOD - [2009-04-11 08:28:24 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2009-04-11 08:28:24 | 000,203,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 08:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - [2009-04-11 08:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll MOD - [2009-04-11 08:28:23 | 001,823,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2009-04-11 08:28:23 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2009-04-11 08:28:23 | 001,381,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Query.dll MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 08:28:23 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll MOD - [2009-04-11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 08:28:23 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 08:28:22 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll MOD - 
[2009-04-11 08:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2009-04-11 08:28:22 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll MOD - [2009-04-11 08:28:22 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll MOD - [2009-04-11 08:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll MOD - [2009-04-11 08:28:21 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll MOD - [2009-04-11 08:28:20 | 002,012,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 08:28:20 | 000,564,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll MOD - [2009-04-11 08:28:20 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2009-04-11 08:28:20 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2009-04-11 08:28:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 08:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 08:28:20 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll MOD - [2009-04-11 08:28:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll MOD - [2009-04-11 08:28:19 | 001,459,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esent.dll MOD - [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\wbem\fastprox.dll MOD - [2009-04-11 08:28:19 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL MOD - [2009-04-11 08:28:19 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 08:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2009-04-11 08:28:19 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2009-04-11 08:28:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll MOD - [2009-04-11 08:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009-04-11 08:28:19 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2009-04-11 08:28:19 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll MOD - [2009-04-11 08:28:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2009-04-11 08:28:18 | 001,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll MOD - [2009-04-11 08:28:18 | 001,788,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll MOD - [2009-04-11 08:28:18 | 001,324,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2009-04-11 08:28:18 | 001,112,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll MOD - [2009-04-11 08:28:18 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2009-04-11 08:28:18 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 08:28:18 | 000,323,584 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\certcli.dll MOD - [2009-04-11 08:28:18 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2009-04-11 08:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2009-04-11 08:28:18 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credui.dll MOD - [2009-04-11 08:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2009-04-11 08:28:18 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 08:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll MOD - [2009-04-11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 08:28:17 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-11 08:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe MOD - [2009-04-11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe MOD - [2009-04-11 08:27:12 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2009-04-11 08:27:12 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2009-04-11 08:27:12 | 000,021,504 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv MOD - [2009-02-26 13:57:18 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe MOD - [2009-02-26 13:57:16 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe MOD - [2009-02-26 13:57:12 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe MOD - [2009-02-26 13:39:46 | 003,821,568 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll MOD - [2009-02-26 13:08:10 | 000,287,744 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc MOD - [2009-02-26 13:05:12 | 000,257,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll MOD - [2009-02-26 13:04:20 | 000,051,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll MOD - [2009-02-26 13:03:52 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll MOD - [2009-02-26 13:03:46 | 000,210,432 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdev.dll MOD - [2009-02-26 12:34:14 | 000,536,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll MOD - [2009-01-10 04:07:13 | 000,039,408 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MOD - [2008-06-16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Mouse Driver\MouseHook.dll MOD - [2008-06-14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe MOD - [2008-05-30 01:22:32 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe MOD - [2008-05-30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe MOD - [2008-01-18 23:38:16 | 000,090,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpOAV.dll MOD - [2008-01-18 23:38:04 | 000,155,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll MOD - [2008-01-18 23:37:12 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2008-01-18 23:37:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll MOD - [2008-01-18 23:37:12 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2008-01-18 23:37:12 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2008-01-18 23:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-18 23:37:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnssci.dll MOD - [2008-01-18 23:36:58 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2008-01-18 23:36:56 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2008-01-18 23:36:50 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll MOD - [2008-01-18 23:36:50 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll MOD - [2008-01-18 23:36:50 | 000,069,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\vsstrace.dll MOD - [2008-01-18 23:36:48 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2008-01-18 23:36:42 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll MOD - [2008-01-18 23:36:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2008-01-18 23:36:40 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll MOD - [2008-01-18 23:36:40 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll MOD - [2008-01-18 23:36:38 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2008-01-18 23:36:36 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-18 23:36:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll MOD - [2008-01-18 23:36:16 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2008-01-18 23:36:16 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll MOD - [2008-01-18 23:36:14 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2008-01-18 23:36:08 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2008-01-18 23:36:08 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll MOD - [2008-01-18 23:36:02 | 000,688,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\Ole DB\oledb32.dll MOD - [2008-01-18 23:36:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll MOD - [2008-01-18 23:36:00 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2008-01-18 23:36:00 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2008-01-18 23:36:00 | 000,063,488 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll MOD - [2008-01-18 23:35:58 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-18 23:35:40 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll MOD - [2008-01-18 23:35:40 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2008-01-18 23:35:38 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll MOD - [2008-01-18 23:35:36 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2008-01-18 23:35:14 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstask.dll MOD - [2008-01-18 23:35:14 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll MOD - [2008-01-18 23:35:14 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll MOD - [2008-01-18 23:35:12 | 000,475,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll MOD - [2008-01-18 23:35:12 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msident.dll MOD - [2008-01-18 23:34:56 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll MOD - [2008-01-18 23:34:56 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll MOD - [2008-01-18 23:34:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll MOD - [2008-01-18 23:34:50 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2008-01-18 23:34:28 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll MOD - [2008-01-18 23:34:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2008-01-18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008-01-18 
23:34:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll MOD - [2008-01-18 23:34:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2008-01-18 23:34:06 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll MOD - [2008-01-18 23:34:04 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll MOD - [2008-01-18 23:34:04 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll MOD - [2008-01-18 23:34:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll MOD - [2008-01-18 23:34:04 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll MOD - [2008-01-18 23:34:02 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll MOD - [2008-01-18 23:34:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll MOD - [2008-01-18 23:33:54 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-18 23:33:50 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2008-01-18 23:33:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2008-01-18 23:33:46 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll MOD - [2008-01-18 23:33:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008-01-18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe MOD - [2008-01-18 23:33:38 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe MOD - [2008-01-18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008-01-05 03:23:06 | 000,336,256 | ---- | M] (Microsoft Corporation) -- 
C:\Program Files\Windows Mail\OESpamFilter.dll MOD - [2007-09-20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2007-03-29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Mouse Driver\keydll.dll MOD - [2006-11-02 14:34:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006-11-02 14:34:04 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006-11-02 14:33:52 | 002,836,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\MSOERES.dll MOD - [2006-11-02 14:33:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006-11-02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006-11-02 11:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shimeng.dll MOD - [2006-11-02 11:46:13 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll MOD - [2006-11-02 11:46:13 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll MOD - [2006-11-02 11:46:12 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\Ole DB\oledb32r.dll MOD - [2006-11-02 11:46:12 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pautoenr.dll MOD - [2006-11-02 11:46:12 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pstorec.dll MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll MOD - [2006-11-02 11:46:12 
| 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006-11-02 11:46:05 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll MOD - [2006-11-02 11:46:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddrawex.dll MOD - [2006-11-02 11:46:03 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll MOD - [2006-11-02 11:46:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll MOD - [2006-11-02 10:48:55 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll MOD - [2006-11-02 09:28:12 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\wab32res.dll MOD - [2006-11-02 09:28:10 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll MOD - [2006-07-10 12:00:00 | 000,141,312 | ---- | M] () -- C:\Program Files\ZipZag\zipzagcm.dll MOD - [2006-02-28 13:42:30 | 000,094,208 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\Bonjour\mdnsNSP.dll MOD - [2005-02-16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel® SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade) SRV - File not found [Auto | Stopped] -- -- (ASKService) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-11-16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011-10-18 10:16:06 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010-01-19 18:24:12 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009-11-14 15:29:06 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-03-03 21:36:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro\o2flash.exe -- (o2flash) SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\edd.exe -- (NishService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (as2ktgea) DRV - [2009-12-30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009-05-01 01:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC) DRV - [2009-05-01 01:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009-05-01 01:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009-04-30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-24 20:07:38 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009-03-20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-01-13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-04-18 12:30:29 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008-03-22 11:31:58 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-03-09 08:01:00 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2007-03-05 15:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-12-22 06:21:52 | 000,019,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006-11-30 20:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006-11-20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006-11-20 09:14:08 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2006-11-02 18:41:00 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006-11-02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-10-28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-10-10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006-10-05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2005-08-01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-01-06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://startsear.ch/"]http://startsear.ch/[/url] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url] IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q=%7BsearchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://search.babylon.com/web/%7BsearchTerms%7D?babsrc=browsersearch&AF=15627"]http://search.babylo...search&AF=15627[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
[url="http://www.google.pl/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7&rlz=1I7GGLL_plPL325"]http://www.google.pl...1I7GGLL_plPL325[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q=%7BsearchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid=%7B13D3E8E6-4BF8-452D-907E-1F206EDB52DF%7D&mid=32904b96a97447d08753d154d4afaae5-be72f898c1c2c2df576d9b216766416aed369e44&lang=pl&ds=gm011&pr=sa&d=2012-03-26"]http://isearch.avg.c...sa&d=2012-03-26[/url] 20:03:05&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-22 16:49:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-14 13:55:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-04-16 22:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions [2010-04-29 09:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-11 11:48:50 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2008-12-23 12:28:35 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011-01-10 11:12:01 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\firesheep@codebutler.com [2009-12-04 13:35:13 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- 
C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\seoquake-plugin-seolinx@seoquake.com [2012-01-17 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-30 12:31:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-22 16:49:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-07 12:19:18 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-26 20:03:00 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2010-12-27 10:02:05 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011-10-07 12:19:18 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-10-07 12:19:18 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-10-07 12:19:18 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-10-07 12:19:18 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-10-07 12:19:18 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = [url="http://isearch.avg.com/search?cid=%7B13D3E8E6-4BF8-452D-907E-1F206EDB52DF%7D&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q=%7BsearchTerms"]http://isearch.avg.c...&q={searchTerms[/url]} CHR - default_search_provider: suggest_url = 
[url="http://clients5.google.com/complete/search?hl=%7Blanguage%7D&q=%7BsearchTerms%7D&client=ie8&inputencoding=%7BinputEncoding%7D&outputencoding=%7BoutputEncoding"]http://clients5.goog...{outputEncoding[/url]} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Translator = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Edit This Cookie = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.14.8_0\ CHR - Extension: Skype Click to 
Call = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: SEO SERP = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg\0.14.4_0\ CHR - Extension: Gmail = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - E:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll File not found O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-777273053-2809330852-579202895-1000..\Run: [GG] C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) 
O4 - HKU\S-1-5-21-777273053-2809330852-579202895-1000..\Run: [winlogon] C:\Users\Gosia\winlogon.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - 
HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([asia.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([global.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([www.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: google.pl ([www] https in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset...lineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC3D5EA7-EC0A-4BB6-BDE9-F4DDD20D4D7D}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDA372CA-4DD5-4BCA-B90E-9B4BE5AFD8FA}: DhcpNameServer = 8.8.8.8 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-777273053-2809330852-579202895-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-777273053-2809330852-579202895-1000 Winlogon: Shell - ("C:\Users\Gosia\winlogon.exe") - C:\Users\Gosia\winlogon.exe () O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM 
CDRom: AutoRun - 1 O32 - AutoRun File - [2012-03-28 21:10:33 | 000,028,676 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\AutoRun\command - "" = WScript.exe .\`.vbs O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\open\Command - "" = WScript.exe .\`.vbs O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell - "" = AutoRun O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{cf69978f-8b50-11df-9025-001d924b4316}\Shell - "" = AutoRun O33 - MountPoints2\{d9bb8940-a130-11df-8a7c-001d924b4316}\Shell - "" = Autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]crrss[/b] - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI 
Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - 
Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human 
Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-04-20 09:35:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-16 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-03-31 22:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2012-03-31 22:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [2012-03-31 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Documents\Deluxe Ski Jump 4 [2012-03-30 12:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-03-30 12:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012-03-28 08:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-03-28 08:17:56 | 000,000,000 | --SD | C] -- C:\Users\Gosia\GG dysk [2012-03-26 20:02:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012-03-03 12:26:17 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GG [2012-03-02 15:27:59 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Roaming\GG [2012-03-02 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\Gosia\AppData\Local\GG [1 C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-20 09:32:02 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2012-04-20 09:30:02 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2012-04-20 09:19:22 | 000,001,032 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-04-20 09:19:20 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-04-20 09:19:20 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-04-20 09:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-04-20 07:34:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-04-19 23:12:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000UA.job [2012-04-19 23:02:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-04-19 22:32:33 | 000,116,736 | ---- | M] () -- C:\Users\Gosia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-19 20:12:02 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000Core.job [2012-04-19 13:41:00 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012-04-16 21:38:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-04-14 19:37:46 | 000,714,674 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-04-14 19:37:46 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-04-14 19:37:46 | 000,152,718 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-04-14 19:37:46 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-03-28 08:51:49 | 000,100,983 | ---- | M] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | M] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [2012-03-16 22:08:03 | 000,000,680 | ---- | M] () -- C:\Users\Gosia\AppData\Local\d3d9caps.dat [2012-03-15 04:32:08 | 001,713,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 
C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-18 09:58:08 | 000,001,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk [2012-04-16 21:38:41 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-03-28 08:51:49 | 000,100,983 | ---- | C] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | C] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [2011-11-06 22:33:20 | 000,001,958 | ---- | C] () -- C:\Windows\System32\enbseries.ini [2011-09-25 00:51:40 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-09-25 00:51:40 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-06-23 21:12:33 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2011-06-23 21:12:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2011-06-23 21:12:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2011-06-23 21:12:30 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll [2011-06-23 21:12:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\libvorbis.dll [2011-06-23 21:12:29 | 000,147,522 | ---- | C] () -- C:\Windows\System32\language.ini [2011-06-23 21:12:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LameEncShim.dll [2011-06-23 21:12:28 | 000,688,128 | ---- | C] () -- C:\Windows\System32\ia32math.dll [2011-06-23 21:12:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011-06-23 21:12:24 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll [2011-06-20 22:46:28 | 000,000,600 | ---- | C] () -- C:\Users\Gosia\AppData\Roaming\winscp.rnd [2010-10-27 10:06:29 | 000,004,096 | -H-- | C] () -- C:\Users\Gosia\AppData\Local\keyfile3.drm [2010-06-16 17:24:16 | 000,082,289 | ---- | C] () -- 
C:\Windows\System32\lvcoinst.ini [2010-06-07 16:46:43 | 000,000,680 | ---- | C] () -- C:\Users\Gosia\AppData\Local\d3d9caps.dat [color=#E56717]========== LOP Check ==========[/color] [2009-02-04 00:01:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\2K Sports [2011-03-11 10:57:14 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Azureus [2008-06-28 12:50:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Blumentals [2010-07-15 08:25:17 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Bytemobile [2012-04-19 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\CuteRank [2008-04-18 12:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\DAEMON Tools [2010-07-15 08:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ERA [2011-12-12 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\EurekaLog [2012-04-17 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\FileZilla [2011-06-08 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Free Monitor for Google [2008-03-03 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu [2010-04-27 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu 10 [2008-04-04 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GameHouse [2012-04-20 09:29:34 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GG [2008-06-21 00:16:39 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GHISLER [2010-07-10 10:26:08 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\JAlbum [2008-11-17 23:29:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Leadertech [2012-03-26 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2009-05-30 11:56:56 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\My Games [2010-06-26 12:09:35 | 000,000,000 | 
---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenFM [2010-05-21 01:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenOffice.org [2010-05-28 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Opera [2009-09-21 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PC Suite [2008-03-26 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PeerNetworking [2009-11-12 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Piechnat Soft [2008-03-01 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Pogo Games [2009-06-08 02:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PPMate [2010-11-11 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Raptr [2009-09-21 19:03:19 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Samsung [2008-08-22 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Silver Style Entertainment [2010-08-16 14:57:12 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softland [2009-03-10 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\SoftMaker [2010-06-02 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softplicity [2010-08-19 15:41:30 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Thunderbird [2011-10-18 10:15:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\TuneUp Software [2011-06-29 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Uniblue [2011-06-14 09:32:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\VS Revo Group [2009-06-09 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Vso [2010-08-18 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\XnView [2009-10-12 14:17:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ZipZag [2012-04-20 07:34:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012-04-20 09:32:02 | 
000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2012-04-20 09:30:02 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2012-03-28 21:10:33 | 000,028,676 | ---- | M] () -- C:\AutoMapaSetupLog.txt [2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009-10-08 17:05:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-10-08 17:05:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012-04-20 09:19:01 | 2452,172,800 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008-01-18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS 
>[/color] [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008-03-03 22:37:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008-03-03 22:37:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008-03-03 22:37:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-18 21:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys [2008-01-18 21:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) 
MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2006-11-02 11:51:42 | 000,500,840 | ---- | 
M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008-01-18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2011-04-12 18:07:38 | 000,198,656 | ---- | M] () MD5=C44D08CA89535F01155375D11D5C30AF -- C:\Users\Gosia\winlogon.exe < End of report > [/log]

OTL log: extras.txt

[log] OTL Extras logfile created on: 2012-04-20 09:38:06 - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,10% Memory free 4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary
data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,87 Gb Total Space | 3,60 Gb Free Space | 4,06% Space Free | Partition Type: NTFS Drive E: | 59,20 Gb Total Space | 9,55 Gb Free Space | 16,13% Space Free | Partition Type: NTFS Computer Name: GOSIA-PC | User Name: Gosia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %*" [HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %*" regfile [merge] -- Reg Error: Key error. scrfile [config] -- Reg Error: Key error. scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FOTOJOKER Fotoswiat] -- "C:\Program Files\Fotojoker\FOTOJOKER Fotoswiat\FOTOJOKER Fotoswiat.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\WapSter\AQQ\AQQ.exe" = C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ -- (AQQ Sp. z o.o.) 
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13D23FCA-53B8-444F-8295-3C466BAC12F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2CE24AAE-C77C-46E2-9BE9-C10996775A69}" = rport=1723 | protocol=6 | dir=out | app=system | "{3F9D0189-3480-4CFF-ADAC-17E107EA0B40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{41A34225-3A85-43D9-85B0-55A3E0E3D48D}" = lport=138 | protocol=17 | dir=in | app=system | "{523075BA-4096-4177-B995-D6D2FA83380C}" = lport=445 | protocol=6 | dir=in | app=system | "{5509144C-3644-4DFC-9658-0AA1C906DDFE}" = lport=139 | protocol=6 | dir=in | app=system | "{6591A9BE-6429-4A0D-A051-809CC7BC604F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{73C7A2F5-6602-4DD0-BD43-A93FE042A01A}" = lport=1723 | protocol=6 | dir=in | app=system | "{83961414-B443-4B62-AE2F-17EC67C29520}" = lport=137 | protocol=17 | dir=in | app=system | "{9D62763D-D0DF-4423-93E8-D07EEF386A58}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A15A0CD5-1A5B-4656-8FD0-CB7B41979538}" = rport=445 | protocol=6 | dir=out | app=system | "{A59A2414-9393-4CC9-ACF5-7BE22D83E530}" = rport=139 | protocol=6 | dir=out | app=system | "{B323468F-1752-49C1-8461-9FD1953DB559}" = rport=137 | protocol=17 | dir=out | app=system | "{BCA38CB7-07FD-43CC-BDD1-449C85A4DFB5}" = rport=1701 | protocol=17 | dir=out | app=system | "{E663C26A-73C2-436D-86C0-11D94F3D6FF1}" = rport=138 | protocol=17 | dir=out | app=system | "{EF991DC8-8E8E-44BF-9285-78A2E3698E5D}" = 
lport=1701 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB3BBDC-7A66-4E89-A330-FE25A879F89D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11F91CB0-34F3-46DE-BD19-C00BCE4E4846}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21E2D166-887A-450E-A9CF-40DDB0629DAF}" = protocol=17 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{27693819-FE7F-4C31-83B7-2AF4E9DD5403}" = protocol=6 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{2A6E5A2F-00A0-4DB8-A8BA-4FC0144A6D61}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{525FB602-2529-4372-9CCE-F2A57964866A}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{771032D5-DADA-47B3-B317-B6C369C9F66C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B50EE15-0D97-4AC1-ADCA-112ABD3550AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{87EB7DCC-6AF3-4BC3-A1C3-5B9474ECDE0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA56FC72-88B5-4FAF-B710-AD6B3E7018CE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{ABCD0646-97CE-4211-AD50-7FE2704AD0F8}" = protocol=17 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{CEDB63A4-DC4A-4CD9-A8FC-0572F5EB2196}" = protocol=6 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{E9911258-B96C-4C05-8EE9-AD8D74B3FA67}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{1EADAF55-A582-4B9B-B72E-C57E4C13CAEE}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query 
User{20380080-81F7-4290-83BF-19E59636F533}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{2555874A-58FD-4CAC-AE45-A51857B93D85}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{3BB897BA-9601-44B7-B8EF-46CA314FB4CF}E:\gry\cs\hlds.exe" = protocol=6 | dir=in | app=e:\gry\cs\hlds.exe | "TCP Query User{3CE05880-C97A-4537-AC29-B57650487AFA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4011E28A-3ED4-4A54-B36C-3BF675D01806}E:\gry\cs\hl.exe" = protocol=6 | dir=in | app=e:\gry\cs\hl.exe | "TCP Query User{418BECB2-AD5F-46E0-89C0-EE07761282EB}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{5AA57A4B-DE67-432A-89E2-6954D4108FC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{60CB51FB-3E28-406F-B54E-DF9D0E2F7CF0}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{61997441-0B60-47B3-9B6A-EF1357465092}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{77728166-201D-449B-8F46-474AF892204F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{8DD97830-78A3-47B3-81E7-A55845865EB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{97E78F37-7028-45D6-BB51-4883006D8E11}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{988687A8-A992-4116-81AC-0165FAD450EC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{AE42FD0E-B397-476B-8F44-0CD2D2BA05D3}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{E3642D3F-4F58-405D-829B-EB1412B2227F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{EA9F3CA5-6362-4CF5-AEC7-D9F040F122B2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F48574FC-7D56-49D8-937F-6F4DC659CC57}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F8522DE4-C48E-4D03-B7DD-1453F4FEC867}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{025ADA7F-58DB-453B-95C8-43BAEA141DBA}E:\gry\cs\hl.exe" = protocol=17 | dir=in | app=e:\gry\cs\hl.exe | "UDP Query User{0930EED6-BBFE-429A-90FD-C456B0759765}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{18E801C7-C520-4B40-90AA-22BA49010B63}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1BDAFCA2-5F66-446E-BF37-FBD356334EF9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{2216CE01-9ED9-4508-A877-5DC6B6ECFAEF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{3AEC57A4-E5C2-4C7C-9012-B0B93C65AA0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{745455CD-F418-4017-8AC0-3C241AE4A337}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7942D365-11E7-45E1-8AF6-8FBD0E9F0563}C:\program files\opera\opera.exe" = protocol=17 
| dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{7E9D268C-1F39-4620-8892-03A4F2476488}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9DBA734B-1BA4-4CB8-A1D5-C56BA10A4A4E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A650947D-C073-4310-8501-0A5AE9D31239}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{A872E8B8-D8CD-46FB-8846-038766A63331}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{AA4E06F0-9886-4436-9A9F-5A175DD670CC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{AAC82437-A82D-4928-8BE6-9937A091C60A}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{C2863734-67D2-4D52-B72E-34AD2ABF25D9}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{E2781372-AEC3-4F0F-B902-7DDF35E14B47}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{E5C39486-969D-49AB-B466-20384225DD0F}E:\gry\cs\hlds.exe" = protocol=17 | dir=in | app=e:\gry\cs\hlds.exe | "UDP Query User{ED1663BA-8520-45EA-BBAF-80E60121C702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{FDDD1FA6-B48D-4AB2-89FD-ABB8E8732274}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update 
kb973924 - x86 9.0.30729.4148 "{007E2169-16E4-4ACF-95BF-2E9FBC49673E}" = Adobe Setup "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 8.01.001 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{1466F426-3D1E-411C-89BE-5F04261123EF}" = Adobe InDesign CS3 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan "{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5525F6BD-0627-4F48-9640-B809A834E69C}" = The Panorama Factory V5 m32 Edition "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85767617-E6B1-499E-8C1B-C92E2AAFF586}" = TuneUp Utilities Language Pack (pl-PL) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video 
Encoder "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US) "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish "{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0 "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ACCD5C00-F1E4-11DD-AA93-005056C00008}" = Paragon Partition Manager™ 10.0 Server "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click 
to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B7A27DE8-1A77-45E3-8CFB-72A50D1C2922}" = Jalbum "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCFB469B-85FF-4CB6-AA75-542BDE267A22}" = Easy Email Sender "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3 "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FDFCE5F3-8962-579F-8398-16310ABED56A}" = Market Samurai "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe 
Setup "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3 "ALLPlayer_is1" = ALLPlayer V4.X "appcd_2009.PL000.002" = pkt.pl na CD - CD Turystyka 2009 "CCleaner" = CCleaner (remove only) "CuteRank" = CuteRank 3.5.0 "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 "DMI Browser" = DMI Browse "doPDF 7 printer_is1" = doPDF 7.1 printer "DRUKI IPS_is1" = DRUKI IPS "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.0.2 "Easy Email Sender" = Easy Email Sender "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.3 "FOTOJOKER Fotoswiat" = FOTOJOKER Fotoswiat "Free Monitor for Google_is1" = Free Monitor for Google 2.5 "Gadu-Gadu 10" = Gadu-Gadu 10 "GOM Player" = GOM Player "Google Updater" = Aktualizator Google "GSview 4.8" = GSview 4.8 "HDMI" = Intel® Graphics Media Accelerator Driver "InfoView" = InfoView "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "JDownloader" = JDownloader "Kaspersky Online Scanner" = Kaspersky Online Scanner "kED_is1" = kED 2.1.4.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full) "lvdrivers_12.0" = Pakiet sterowników: Logitech Webcam Software "Mahjong Garden Deluxe Free" = Mahjong Garden Deluxe Free "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai "Microsoft .NET Framework 
1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Monopoly by Parker Brothers" = Monopoly by Parker Brothers "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "Mozilla Thunderbird 11.0.1 (x86 pl)" = Mozilla Thunderbird 11.0.1 (x86 pl) "OEBackupGenie_is1" = Outlook Express Backup Genie v2.0 "Opera 11.62.1347" = Opera 11.62 "PDF Combine_is1" = PDF Combine "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.10 "PowerISO" = PowerISO "Program Pit 2007 - rozliczenie roczne podatku dochodowego_is1" = 1.0.0.25 "Quick Search Box" = Okno szybkiego wyszukiwania Google "RealAlt_is1" = Real Alternative 1.8.4 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "seopowersuite" = SEO SpyGlass "SkanerOnline" = Skaner on-line mks_vir "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "Tetris 5000(v1.10 full version)" = Tetris 5000(v1.10 full version) "Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930 "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uniblue RegistryBooster" = Uniblue 
RegistryBooster "VATowiec Komplet_is1" = VATowiec 3.61 "VATowiec_is1" = VATowiec 3.36 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "winscp3_is1" = WinSCP 4.3.3 "XnView_is1" = XnView 1.97.6 "ZipZag_is1" = ZipZag 1.80 Archiver [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GG" = GG "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-04-18 18:37:53 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-18 18:38:09 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-18 18:38:09 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-18 18:38:09 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-19 03:13:30 | Computer Name = Gosia-PC | Source = Application Hang | ID = 1002 Description = Program iexplore.exe w wersji 9.0.8112.16421 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 1168 Godzina rozpoczęcia: 01cd1df987a357f6 Godzina zakończenia: 40 Error - 2012-04-19 08:55:03 | Computer Name = Gosia-PC | Source = Application Hang | ID = 1002 Description = Program Taskmgr.exe w wersji 6.0.6001.18000 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. 
Identyfikator procesu: e18 Godzina rozpoczęcia: 01cd1e2b77711fae Godzina zakończenia: 4217 Error - 2012-04-20 01:20:22 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-20 03:29:37 | Computer Name = Gosia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, moduł powodujący błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, kod wyjątku 0xc0000005, przesunięcie błędu 0x00022699, identyfikator procesu 0xa74, godzina rozpoczęcia aplikacji 0x01cd1ec72d1fe1f4. [ System Events ] Error - 2012-04-20 01:13:55 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 01:13:55 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 01:13:55 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 01:13:55 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-04-20 01:21:41 | Computer Name = Gosia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 2012-04-20 03:19:18 | Computer Name = Gosia-PC | Source = Print | ID = 19 Description = Bufor wydruku nie może udostępnić drukarki Xerox Phaser 3117 z nazwą udostępnionego zasobu Xerox Phaser 3117. Błąd 1722. Inne osoby w sieci nie mogą korzystać z drukarki. 
Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > [/log] RSIT log: log.txt [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Gosia at 2012-04-20 10:26:11 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 4 GB (4%) free of 91 GB Total RAM: 2039 MB (22% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:26:28, on 2012-04-20 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Users\Gosia\winlogon.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\explorer.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Gosia\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe C:\Program
Files\Windows Mail\WinMail.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Users\Gosia\Desktop\OTL.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Gadu-Gadu 10\gg.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gosia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\calc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\notepad.exe C:\Windows\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Gosia\Desktop\RSIT.exe C:\Program Files\trend micro\Gosia.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://startsear.ch/"]http://startsear.ch/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - E:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll (file missing) O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - (no file) O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program 
Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Gosia\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [GG] "C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [winlogon] C:\Users\Gosia\winlogon.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: [url="http://asia.msi.com.tw"]http://asia.msi.com.tw[/url] O15 - Trusted Zone: [url="http://global.msi.com.tw"]http://global.msi.com.tw[/url] O15 - Trusted Zone: [url="http://www.msi.com.tw"]http://www.msi.com.tw[/url] O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset...lineScanner.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.ad...Plus/1.6/gp.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{EC3D5EA7-EC0A-4BB6-BDE9-F4DDD20D4D7D}: NameServer = 192.168.0.1 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ASKService - Adaptec, Inc. - (no file) O23 - Service: ASKUpgrade - Adaptec, Inc. - (no file) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate1c99e905af1e7e0) (gupdate1c99e905af1e7e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. 
- C:\Windows\system32\nlssrv32.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 11433 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000UA.job C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job =========Mozilla firefox========= ProfilePath - C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default prefs.js - "browser.startup.homepage" - "[url="http://www.onet.pl"]www.onet.pl[/url]" prefs.js - "extensions.enabledItems" - "[email="firebug@software.joehewitt.com:1.6.2"]firebug@software.joehewitt.com:1.6.2[/email], {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1, [email="seoquake-plugin-seolinx@seoquake.com:1.0.2"]seoquake-plugin-seolinx@seoquake.com:1.0.2[/email], {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, [email="firesheep@codebutler.com:0.1"]firesheep@codebutler.com:0.1[/email], {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17" prefs.js - "keyword.URL" - "[url="http://search.babylon.com/?babsrc=adbartrp&AF=15627&q"]http://search.babylo...rtrp&AF=15627[/url]=" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla 
browsers "Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852] "Description"=RealMedia Plugin "Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46] "Description"=RealPlayer™ LiveConnect-Enabled Plug-In "Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662] "Description"=RealPlayer Version Plugin "Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46] "Description"=6.0.12.46 "Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll nppl3260.xpt nsIQTScriptablePlugin.xpt nsJSRealPlayerPlugin.xpt C:\Program Files\Mozilla 
Firefox\plugins\ np-mswmp.dll np32dsw.dll npdeployJava1.dll NPOFFICE.DLL nppdf32.dll nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nprpjplug.dll QuickTimePlugin.class ShockwavePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files\Mozilla Firefox\searchplugins\ allegro-pl.xml avg-secure-search.xml babylon.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default\extensions\ [email="firesheep@codebutler.com"]firesheep@codebutler.com[/email] [email="seoquake-plugin-seolinx@seoquake.com"]seoquake-plugin-seolinx@seoquake.com[/email] {20a82645-c095-46ed-80e3-08825760534b} {317B5128-0B0B-49b2-B2DB-1E7560E16C74} {E9A1DEE0-C623-4439-8932-001E7D17607D} C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default\searchplugins\ daemon-search.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\ssBarLcher.dll [2011-06-09 177712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] IplexToALLPlayer - E:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3041d03e-fd4b-44e0-b742-2d9b88305f98} {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - StartSearchToolBar - C:\Program Files\vShare.tv plugin\ssBarLcher.dll [2011-06-09 177712] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [] "KMCONFIG"=C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992] "NPSStartup"= [] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552] "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2011-08-19 126976] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296] "Adobe ARM"=C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-10 39408] "Google Update"=C:\Users\Gosia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 136176] "GG"=C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe [2012-04-11 3213408] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17148552] "ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-16 221184] "winlogon"=C:\Users\Gosia\winlogon.exe [2011-04-12 198656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe [2009-06-04 869888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crrss] C:\Windows\system32\crrss.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-02-26 210432] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=255 "NoDrives"=0 "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\WapSter\AQQ\AQQ.exe"="C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate" "C:\Program Files\PPMate\ppamnet.exe"="C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=lvcodec2.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "MSVideo8"=VfWWDM32.dll "msacm.clmp3enc"=C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "VIDC.DIVX"=divx.dll "msacm.divxa32"=msaud32_divx.acm "VIDC.XVID"=xvidvfw.dll "VIDC.YV12"=yv12vfw.dll "msacm.ac3acm"=ac3acm.acm "VIDC.FFDS"=ff_vfw.dll "msacm.vorbis"=vorbis.acm "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv "aux2"=wdmaud.drv "wave6"=wdmaud.drv "midi6"=wdmaud.drv "mixer6"=wdmaud.drv "aux3"=wdmaud.drv "MSVideo"=vfwwdm32.dll 
======File associations====== .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1" .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1" .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "E:\programy\Dreamweaver\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" .scr - config - ======List of files/folders created in the last 1 month====== 2012-04-20 10:26:12 ----D---- C:\Program Files\trend micro 2012-04-20 10:26:11 ----D---- C:\rsit 2012-04-16 22:58:25 ----D---- C:\Program Files\ESET 2012-04-16 20:19:14 ----A---- C:\Windows\ntbtlog.txt 2012-04-12 10:12:10 ----A---- C:\Windows\system32\mshtmled.dll 2012-04-12 10:12:10 ----A---- C:\Windows\system32\iertutil.dll 2012-04-12 10:12:09 ----A---- C:\Windows\system32\wininet.dll 2012-04-12 10:12:09 ----A---- C:\Windows\system32\jscript9.dll 2012-04-12 10:12:09 ----A---- C:\Windows\system32\jscript.dll 2012-04-12 10:12:08 ----A---- C:\Windows\system32\url.dll 2012-04-12 10:12:08 ----A---- C:\Windows\system32\jsproxy.dll 2012-04-12 10:12:08 ----A---- C:\Windows\system32\ieui.dll 2012-04-12 10:12:07 ----A---- C:\Windows\system32\urlmon.dll 2012-04-12 10:12:06 ----A---- C:\Windows\system32\ieframe.dll 2012-04-12 10:12:05 ----A---- C:\Windows\system32\mshtml.dll 2012-04-12 10:11:58 ----A---- C:\Windows\system32\wmi.dll 2012-04-12 10:11:58 ----A---- C:\Windows\system32\wintrust.dll 2012-04-12 10:11:58 ----A---- C:\Windows\system32\imagehlp.dll 2012-04-12 10:11:58 ----A---- C:\Windows\system32\drivers\fs_rec.sys 2012-04-12 10:11:36 ----A---- C:\Windows\system32\ntoskrnl.exe 2012-04-12 10:11:36 ----A---- C:\Windows\system32\ntkrnlpa.exe 2012-03-31 22:55:50 ----D---- C:\Program Files\Deluxe Ski Jump 4 2012-03-30 12:31:20 ----D---- C:\Program Files\Common Files\Skype 2012-03-28 20:27:26 ----A---- C:\AutoMapaSetupLog.txt 2012-03-28 08:18:27 ----D---- C:\ProgramData\GG 2012-03-26 20:02:50 ----HD---- C:\ProgramData\Common Files ======List of files/folders modified in the last 1 month====== 2012-04-20 10:26:26 ----D---- 
C:\Windows\Prefetch
2012-04-20 10:26:17 ----D---- C:\Windows\TEMP
2012-04-20 10:26:12 ----RD---- C:\Program Files
2012-04-20 10:03:23 ----D---- C:\Users\Gosia\AppData\Roaming\Skype
2012-04-20 09:29:34 ----D---- C:\Users\Gosia\AppData\Roaming\GG
2012-04-20 07:24:18 ----SHD---- C:\System Volume Information
2012-04-20 07:20:23 ----SHD---- C:\Windows\Installer
2012-04-19 17:00:36 ----D---- C:\Users\Gosia\AppData\Roaming\Adobe
2012-04-19 16:20:36 ----D---- C:\PILOTUJ_PL
2012-04-19 10:33:43 ----D---- C:\Users\Gosia\AppData\Roaming\CuteRank
2012-04-19 10:14:55 ----D---- C:\Program Files\CuteRank
2012-04-18 23:06:39 ----D---- C:\Program Files\JDownloader
2012-04-18 09:58:08 ----SHD---- C:\Config.Msi
2012-04-17 17:07:25 ----D---- C:\Windows\system32\catroot2
2012-04-17 14:04:05 ----D---- C:\Users\Gosia\AppData\Roaming\FileZilla
2012-04-17 01:25:09 ----D---- C:\Windows\System32
2012-04-17 00:33:59 ----D---- C:\Program Files\VideoConverter
2012-04-17 00:33:53 ----D---- C:\Windows\Tasks
2012-04-16 22:58:28 ----SD---- C:\Windows\Downloaded Program Files
2012-04-16 20:19:14 ----AD---- C:\Windows
2012-04-16 10:55:06 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-04-15 09:50:58 ----A---- C:\Windows\win.ini
2012-04-14 19:37:46 ----D---- C:\Windows\inf
2012-04-14 19:37:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-13 15:45:32 ----D---- C:\Program Files\Opera
2012-04-12 10:40:55 ----D---- C:\Windows\system32\migration
2012-04-12 10:40:54 ----D---- C:\Windows\system32\drivers
2012-04-12 10:40:54 ----D---- C:\Program Files\Internet Explorer
2012-04-12 10:15:07 ----RSD---- C:\Windows\assembly
2012-04-12 10:15:07 ----D---- C:\Windows\Microsoft.NET
2012-04-12 10:12:27 ----D---- C:\Windows\winsxs
2012-04-12 10:12:23 ----D---- C:\Windows\system32\catroot
2012-04-12 10:04:22 ----A---- C:\Windows\system32\mrt.exe
2012-04-12 10:04:11 ----D---- C:\Program Files\Windows Mail
2012-03-30 12:31:22 ----RD---- C:\Program Files\Skype
2012-03-30 12:31:20 ----D---- C:\Program Files\Common Files
2012-03-30 12:31:19 ----D---- C:\ProgramData\Skype
2012-03-29 16:56:32 ----D---- C:\Program Files\Mozilla Thunderbird
2012-03-28 20:47:36 ----D---- C:\FILMY
2012-03-28 08:18:27 ----HD---- C:\ProgramData
2012-03-26 15:02:18 ----D---- C:\Users\Gosia\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2012-03-26 14:01:33 ----D---- C:\Program Files\UnderCoverXP
2012-03-26 14:00:31 ----D---- C:\Program Files\URUSoft
2012-03-22 16:49:09 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2009-03-24 40560]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-11 329752]
R0 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2006-11-20 38400]
R0 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2007-03-09 35968]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-04-18 717296]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R3 AgereSoftModem;Modem programowy Agere Systems; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2008-03-22 17024]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 25624]
R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-03-16 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 StillCam;Sterownik szeregowego cyfrowego aparatu fotograficznego; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 as2ktgea;as2ktgea; C:\Windows\system32\drivers\as2ktgea.sys []
S3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S3 dot4;Sterownik MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Sterownik klasy drukowania dla IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2009-05-01 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
S3 LVUVC;Logitech Webcam 250(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-05-01 6754712]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-30 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2006-11-02 53504]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-28 40960]
S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbaudio;Sterownik audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\nlssrv32.exe [2009-06-07 61440]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro\o2flash.exe [2007-02-12 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-01-19 1043784]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c99e905af1e7e0;Google Update Service (gupdate1c99e905af1e7e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;Usuga stanu ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-03 654848]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-11-14 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2011-10-18 435016]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
[/log]
RSIT log:
info.txt
[log]
info.txt logfile of random's system information tool 1.09 2012-04-20 10:26:37

======Uninstall list======

-->C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe
1.0.0.25-->"C:\Program Files\Gofin\Pit2007\unins000.exe"
Adobe Acrobat Distiller 6.0-->MsiExec.exe /I{AC76D478-1033-0000-3478-000000000001}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\c6130331409d42b2f62a7cc73ec2c87\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{1466F426-3D1E-411C-89BE-5F04261123EF}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9.5.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A95000000001}
Adobe Setup-->MsiExec.exe /I{007E2169-16E4-4ACF-95BF-2E9FBC49673E}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aktualizator Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
ALLPlayer V4.X-->"E:\programy\ALLPlayer\unins000.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
CuteRank 3.5.0-->C:\Program Files\CuteRank\uninst.exe
Deluxe Ski Jump 4-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DMI Browse-->C:\Windows\IsUninst.exe -f"C:\Program Files\MSI\DMI Browser\Uninst.isu"
doPDF 7.1 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"
DRUKI IPS-->"C:\Program Files\IPSPI\FORMUL.IPS\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDFab Platinum 4.1.0.2-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
Easy Email Sender-->"C:\ProgramData\{58E408B3-8293-456A-BDA8-EEEC3BB2A4D5}\EasyEmailSender.exe" REMOVE=TRUE MODIFY=FALSE
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.5.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FOTOJOKER Fotoswiat-->"C:\Program Files\Fotojoker\FOTOJOKER Fotoswiat\uninstall.exe"
Free Monitor for Google 2.5-->"C:\Program Files\Free Monitor for Google\unins000.exe"
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GSview 4.8-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
InfoView-->C:\Windows\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Jalbum-->MsiExec.exe /I{B7A27DE8-1A77-45E3-8CFB-72A50D1C2922}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018F0}
Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java™ 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kED 2.1.4.0-->"C:\Program Files\kED\unins000.exe"
K-Lite Codec Pack 4.3.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Market Samurai-->msiexec /qb /x {FDFCE5F3-8962-579F-8398-16310ABED56A}
Market Samurai-->MsiExec.exe /I{FDFCE5F3-8962-579F-8398-16310ABED56A}
MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Monopoly by Parker Brothers-->D:\Gry\MONOPO~1\UNWISE.EXE /U D:\Gry\MONOPO~1\INSTALL.LOG
Mouse Driver-->C:\Program Files\InstallShield Installation Information\{55BFC356-5A7B-482F-A213-9ACFDDFF6037}\setup.exe -runfromtemp -l0x0409
Mozilla Firefox 11.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird 11.0.1 (x86 pl)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Norton Security Scan-->MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
O2Micro Flash Memory Card Reader Driver Installer(x86)-->MsiExec.exe /X{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}
Okno szybkiego wyszukiwania Google-->"C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBoxSetup.exe" /force /standalone /uninstall
OpenOffice.org 3.3-->MsiExec.exe /I{EB87675F-5281-4767-A54B-31931794C23D}
Opera 11.62-->"C:\Program Files\Opera\Opera.exe" /uninstall
Outlook Express Backup Genie v2.0-->"C:\Program Files\Outlook Express Backup Genie\unins000.exe"
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
Pakiet sterowników: Logitech Webcam Software-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_12.0" /clone_wait /hide_progress
Paragon Partition Manager™ 10.0 Server-->MsiExec.exe /I{ACCD5C00-F1E4-11DD-AA93-005056C00008}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Combine-->"E:\programy\PDF Combine\unins000.exe"
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PITy 2008 dla Windows kompilacja:1.0.2.10-->"C:\Program Files\PITy\PITy2008NG\unins000.exe"
pkt.pl na CD - CD Turystyka 2009-->D:\PKT\PKTPL\cd turystyka 2009\install.exe uninstall
Płatnik 8.01.001-->C:\Program Files\InstallShield Installation Information\{05381030-963D-4779-BECA-0D7D49268EDB}\setup.exe -runfromtemp -l0x0015 -removeonly
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD Copy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Real Alternative 1.8.4-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0015 -removeonly
Revo Uninstaller Pro 2.5.7-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
SEO SpyGlass-->"C:\Program Files\SEO PowerSuite\Uninstall.exe"
Skaner on-line mks_vir-->C:\Windows\system32\SkanerOnlineUninstall.exe
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.8-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
Sothink SWF Decompiler-->"E:\programy\Sothink SWF Decompiler\unins000.exe"
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
System Control Manager-->C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab for Intel-->MsiExec.exe /I{F7FC9307-374E-4017-8E9D-DE1154780480}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tetris 5000(v1.10 full version)-->D:\Gry\Tetris 5000(v1.10 full version)\uninstal.exe
The Panorama Factory V5 m32 Edition-->MsiExec.exe /I{5525F6BD-0627-4F48-9640-B809A834E69C}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.14 080930-->"C:\Program Files\Total Video Converter\unins000.exe"
TP-LINK Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}\setup.exe" -l0x9 -removeonly
TuneUp Utilities 2012-->C:\Program Files\TuneUp Utilities 2012\TUInstallHelper.exe --Trigger-Uninstall
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Uniblue RegistryBooster-->"C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe" REMOVE=TRUE MODIFY=FALSE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VATowiec 3.36-->"C:\BR\unins000.exe"
VATowiec 3.61-->"C:\BR\unins001.exe"
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinSCP 4.3.3-->"C:\Program Files\WinSCP\unins000.exe"
XnView 1.97.6-->"C:\Program Files\XnView\unins000.exe"
ZipZag 1.80 Archiver-->"C:\Program Files\ZipZag\unins000.exe"

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Gosia-PC
Event Code: 7
Message: W urządzeniu \Device\CdRom0 wystąpił zły blok.
Record Number: 706270
Source Name: cdrom
Time Written: 20111116164711.530581-000
Event Type: Błąd
User:

Computer Name: Gosia-PC
Event Code: 7
Message: W urządzeniu \Device\CdRom0 wystąpił zły blok.
Record Number: 706269
Source Name: cdrom
Time Written: 20111116164711.182581-000
Event Type: Błąd
User:

Computer Name: Gosia-PC
Event Code: 7
Message: W urządzeniu \Device\CdRom0 wystąpił zły blok.
Record Number: 706268
Source Name: cdrom
Time Written: 20111116164710.782581-000
Event Type: Błąd
User:

Computer Name: Gosia-PC
Event Code: 7
Message: W urządzeniu \Device\CdRom0 wystąpił zły blok.
Record Number: 706267
Source Name: cdrom
Time Written: 20111116164710.385581-000
Event Type: Błąd
User:

Computer Name: Gosia-PC
Event Code: 7
Message: W urządzeniu \Device\CdRom0 wystąpił zły blok.
Record Number: 706266
Source Name: cdrom
Time Written: 20111116164709.736581-000
Event Type: Błąd
User:

=====Application event log=====

Computer Name: Gosia-PC
Event Code: 0
Message:
Record Number: 209577
Source Name: gupdate1c99e905af1e7e0
Time Written: 20110527054735.000000-000
Event Type: Informacje
User:

Computer Name: Gosia-PC
Event Code: 1
Message: Klient usług certyfikatów został uruchomiony pomyślnie.
Record Number: 209576
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20110527054725.427060-000
Event Type: Informacje
User: Gosia-PC\Gosia

Computer Name: Gosia-PC
Event Code: 1
Message: Klient usług certyfikatów został uruchomiony pomyślnie.
Record Number: 209575
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20110527054628.373060-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: Gosia-PC
Event Code: 1003
Message: Usługa Windows Search została uruchomiona.
Record Number: 209574
Source Name: Microsoft-Windows-Search
Time Written: 20110527054547.000000-000
Event Type: Informacje
User:

Computer Name: Gosia-PC
Event Code: 7500
Message:
Record Number: 209573
Source Name: IAANTmon
Time Written: 20110527054534.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Gosia-PC
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GOSIA-PC$
Domena konta: BOBIK
Identyfikator logowania: 0x3e7
Typ logowania: 5
Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}
Informacje o procesie:
Identyfikator procesu: 0x2c8
Nazwa procesu: C:\Windows\System32\services.exe
Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -
Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0
To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.
Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.
Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).
Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.
Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.
Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 225115
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111011065356.608619-000
Event Type: Sukces inspekcji
User:

Computer Name: Gosia-PC
Event Code: 4648
Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń.
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GOSIA-PC$
Domena konta: BOBIK
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}
Konto, którego poświadczenia zostały użyte:
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}
Serwer docelowy:
Nazwa serwera docelowego: localhost
Informacje dodatkowe: localhost
Informacje o procesie:
Identyfikator procesu: 0x2c8
Nazwa procesu: C:\Windows\System32\services.exe
Informacje o sieci:
Adres sieciowy: -
Port: -
To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS.
Record Number: 225114
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111011065356.608619-000
Event Type: Sukces inspekcji
User:

Computer Name: Gosia-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.
Nazwa pliku: \Device\HarddiskVolume2\Windows\System32\FsUsbExDisk.Sys
Record Number: 225113
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111011065023.154819-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: Gosia-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji.
Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym. Nazwa pliku: \Device\HarddiskVolume2\Windows\System32\drivers\MGHwCtrl.sys Record Number: 225112 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111011065020.721219-000 Event Type: Niepowodzenie inspekcji User: Computer Name: Gosia-PC Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 225111 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20111011065017.242419-000 Event Type: Sukces inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "configsetroot"=%SystemRoot%\ConfigSetRoot "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log]
Guest commented 20 April 2012

1. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania/skrypt) box:

[code]:Files
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
C:\Users\Gosia\winlogon.exe

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-777273053-2809330852-579202895-1000..\Run: [winlogon] C:\Users\Gosia\winlogon.exe ()
O20 - HKU\S-1-5-21-777273053-2809330852-579202895-1000 Winlogon: Shell - ("C:\Users\Gosia\winlogon.exe") - C:\Users\Gosia\winlogon.exe ()
O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\AutoRun\command - "" = WScript.exe .\`.vbs
O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\open\Command - "" = WScript.exe .\`.vbs
O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{cf69978f-8b50-11df-9025-001d924b4316}\Shell - "" = AutoRun
O33 - MountPoints2\{d9bb8940-a130-11df-8a7c-001d924b4316}\Shell - "" = Autorun

:Commands
[emptyflash]
[emptytemp][/code]

Click [b]Run Fix[/b] (Wykonaj skrypt).

2. Download [b]AdwCleaner[/b] and run a scan with it using the [b]Search[/b] option. Post the report.

http://general-changelog-team.fr/outils/289-adwcleaner
bobstar (Author) commented 20 April 2012

Thanks for the help. First I ran the script (it logged me out, and I had to start a new explorer.exe process to get to the desktop). I ran the AdwCleaner scan:

[log]
# AdwCleaner v1.602 - Logfile created 04/20/2012 at 11:23:52
# Updated 19/04/2012 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Gosia - GOSIA-PC
# Running from : C:\Users\Gosia\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : AskService
Found : AskUpgrade

***** [Files / Folders] *****

Folder Found : C:\Users\Gosia\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Program Files\AskBarDis
Folder Found : C:\Program Files\Babylon
File Found : C:\Users\Gosia\AppData\Local\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [H. Navipromo] *****

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Key Found : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/

-\\ Mozilla Firefox v11.0 (pl)

## File : C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "1");
Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.snipit.askTbInstalled", true);
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=15627&q=");

-\\ Google Chrome v18.0.1025.162

## File : C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...]
Found : "128": "babylon48.png",
Found : "48": "babylon48.png"
Found : "name": "Babylon Translator",
Found : "path": "BabylonChromePI.dll",
Found : "name": "Babylon Chrome Plugin",
Found : "path": "C:\\Users\\Gosia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\[...]
Found : "name": "Babylon Chrome Plugin"

-\\ Opera v11.62.1347.0

## File : C:\Users\Gosia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5755 octets] - [20/04/2012 11:23:52]

########## EOF - C:\AdwCleaner[R1].txt - [5883 octets] ##########
[/log]
Guest commented 20 April 2012

[quote]Thanks for the help. First I ran the script (it logged me out, and I had to start a new explorer.exe process to get to the desktop)[/quote]

What for? That is how it is supposed to be: OTL closes all processes. The removal takes place outside the system, and after the restart everything will come back on its own. You don't need to do anything.

Post a new [b]OTL scan following these instructions[/b]: http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1
bobstar (Author) commented 20 April 2012

OK, logs below:

[log]
OTL logfile created on: 2012-04-20 13:07:57 - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,29% Memory free
4,22 Gb Paging File | 2,88 Gb Available in Paging File | 68,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,87 Gb Total Space | 3,38 Gb Free Space | 3,80% Space Free | Partition Type: NTFS
Drive E: | 59,20 Gb Total Space | 9,55 Gb Free Space | 16,13% Space Free | Partition Type: NTFS

Computer Name: GOSIA-PC | User Name: Gosia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-04-20 12:56:28 | 000,047,712 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\ggapp.exe
PRC - [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe
PRC - [2012-04-16 22:50:11 | 003,086,432 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\ggdrive\ggdrive.exe
PRC - [2012-04-11 08:57:58 | 003,213,408 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe
PRC - [2012-03-03 12:05:37 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012-02-24 19:58:24 | 000,307,824 | ---- | M] (Google Inc.)
-- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011-04-12 18:07:38 | 000,198,656 | ---- | M] () -- C:\Users\Gosia\winlogon.exe PRC - [2010-01-19 18:29:02 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008-06-14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe PRC - [2008-05-30 01:22:32 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe PRC - [2008-05-30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe PRC - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe PRC - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro\o2flash.exe PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe PRC - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () -- C:\Program Files\System Control Manager\edd.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-20 12:56:37 | 001,900,544 | ---- | M] () -- 
C:\Users\Gosia\AppData\Local\GG\Application\xulrunner\mozjs.dll MOD - [2012-03-28 08:17:34 | 000,135,168 | ---- | M] () -- C:\Users\Gosia\AppData\Local\GG\Application\ggdrive\zlib1.dll MOD - [2012-03-16 11:31:56 | 008,526,720 | ---- | M] () -- C:\Users\Gosia\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011-04-12 18:07:38 | 000,198,656 | ---- | M] () -- C:\Users\Gosia\winlogon.exe MOD - [2008-06-16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Mouse Driver\MouseHook.dll MOD - [2007-03-29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Mouse Driver\keydll.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R) SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade) SRV - File not found [Auto | Stopped] -- -- (ASKService) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-11-16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011-10-18 10:16:06 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010-01-19 18:24:12 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009-11-14 15:29:06 | 000,068,096 | ---- | M] () [On_Demand | 
Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-03-03 21:36:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro\o2flash.exe -- (o2flash) SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | 
Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\edd.exe -- (NishService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5p2tvy0) DRV - [2009-12-30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009-05-01 01:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC) DRV - [2009-05-01 01:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009-05-01 01:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009-04-30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-24 20:07:38 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009-03-20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-01-13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-04-18 12:30:29 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008-03-22 11:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-03-09 08:01:00 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2007-03-05 15:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-12-22 06:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006-11-30 20:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006-11-20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006-11-20 09:14:08 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2006-11-02 18:41:00 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006-11-02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-10-28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-10-10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006-10-05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2005-08-01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-01-06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://startsear.ch/"]http://startsear.ch/[/url] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q={searchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
[url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
[url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"]http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_plPL325"]http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_plPL325[/url] IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q={searchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=32904b96a97447d08753d154d4afaae5-be72f898c1c2c2df576d9b216766416aed369e44&lang=pl&ds=gm011&pr=sa&d=2012-03-26"]http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=32904b96a97447d08753d154d4afaae5-be72f898c1c2c2df576d9b216766416aed369e44&lang=pl&ds=gm011&pr=sa&d=2012-03-26[/url] 20:03:05&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not 
found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-22 16:49:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-14 13:55:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-04-16 22:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions [2010-04-29 09:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-11 11:48:50 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2008-12-23 
12:28:35 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011-01-10 11:12:01 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\firesheep@codebutler.com [2009-12-04 13:35:13 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\seoquake-plugin-seolinx@seoquake.com [2012-01-17 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-30 12:31:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-22 16:49:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-07 12:19:18 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-26 20:03:00 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2010-12-27 10:02:05 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011-10-07 12:19:18 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-10-07 12:19:18 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-10-07 12:19:18 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-10-07 12:19:18 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-10-07 12:19:18 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = [url="http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms"]http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms[/url]} CHR - default_search_provider: suggest_url = [url="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding"]http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding[/url]} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: 
QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Translator = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Edit This Cookie = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.14.8_0\ CHR - Extension: Skype Click to Call = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: SEO SERP = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg\0.14.4_0\ CHR - Extension: Gmail = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - 
{02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - E:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll File not found O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found. O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) 
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-777273053-2809330852-579202895-1000..\Run: [GG] C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) O4 - HKU\S-1-5-21-777273053-2809330852-579202895-1000..\Run: [winlogon] C:\Users\Gosia\winlogon.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\Software\Policies\Microsoft\Internet Explorer\Control 
Panel present O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([asia.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([global.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: com.tw ([www.msi] http in Local intranet) O15 - HKU\S-1-5-21-777273053-2809330852-579202895-1000\..Trusted Domains: google.pl ([www] https in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/url] (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC3D5EA7-EC0A-4BB6-BDE9-F4DDD20D4D7D}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDA372CA-4DD5-4BCA-B90E-9B4BE5AFD8FA}: DhcpNameServer = 8.8.8.8 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-777273053-2809330852-579202895-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-777273053-2809330852-579202895-1000 Winlogon: Shell - ("C:\Users\Gosia\winlogon.exe") - C:\Users\Gosia\winlogon.exe () O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM 
CDRom: AutoRun - 1 O32 - AutoRun File - [2012-03-28 21:10:33 | 000,028,676 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\AutoRun\command - "" = WScript.exe .\`.vbs O33 - MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\Shell\open\Command - "" = WScript.exe .\`.vbs O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell - "" = AutoRun O33 - MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{cf69978f-8b50-11df-9025-001d924b4316}\Shell - "" = AutoRun O33 - MountPoints2\{d9bb8940-a130-11df-8a7c-001d924b4316}\Shell - "" = Autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-20 11:17:24 | 000,000,000 | ---D | C] -- C:\_OTL [2012-04-20 10:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012-04-20 10:26:11 | 000,000,000 | ---D | C] -- C:\rsit [2012-04-20 09:35:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-16 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-04-12 10:12:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-04-12 10:12:09 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-04-12 10:12:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-04-12 10:12:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-04-12 10:12:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-04-12 10:12:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-04-12 10:11:36 | 
003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012-04-12 10:11:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012-03-31 22:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2012-03-31 22:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [2012-03-31 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Documents\Deluxe Ski Jump 4 [2012-03-30 12:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-03-30 12:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012-03-28 08:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-03-28 08:17:56 | 000,000,000 | --SD | C] -- C:\Users\Gosia\GG dysk [2012-03-26 20:02:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [1 C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-20 13:14:36 | 007,340,032 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT [2012-04-20 13:12:03 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000UA.job [2012-04-20 13:02:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-04-20 12:51:09 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-04-20 12:51:09 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2012-04-20 12:51:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2012-04-20 12:51:06 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-04-20 12:51:06 | 000,003,776 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-04-20 12:51:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-04-20 12:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-04-20 11:50:29 | 000,524,288 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2012-04-20 11:50:29 | 000,065,536 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2012-04-20 11:50:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-04-20 11:49:36 | 003,473,023 | -H-- | M] () -- C:\Users\Gosia\AppData\Local\IconCache.db [2012-04-20 11:23:16 | 000,582,891 | ---- | M] () -- C:\Users\Gosia\Desktop\adwcleaner.exe [2012-04-20 10:25:37 | 000,781,383 | ---- | M] () -- C:\Users\Gosia\Desktop\RSIT.exe [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-19 22:32:33 | 000,116,736 | ---- | M] () -- C:\Users\Gosia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-19 20:12:02 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000Core.job [2012-04-19 13:41:00 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012-04-16 21:38:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-04-15 09:50:58 | 000,000,341 | ---- | M] () -- C:\Windows\win.ini [2012-04-14 19:37:46 | 001,617,034 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-04-14 19:37:46 | 000,714,674 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-04-14 19:37:46 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-04-14 19:37:46 | 000,152,718 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-04-14 19:37:46 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-03-28 08:51:49 | 000,100,983 | ---- | 
M] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | M] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [1 C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-20 11:23:16 | 000,582,891 | ---- | C] () -- C:\Users\Gosia\Desktop\adwcleaner.exe [2012-04-20 10:25:33 | 000,781,383 | ---- | C] () -- C:\Users\Gosia\Desktop\RSIT.exe [2012-04-18 09:58:08 | 000,001,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk [2012-04-16 21:38:41 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-03-28 08:51:49 | 000,100,983 | ---- | C] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | C] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [2011-11-06 22:33:20 | 000,001,958 | ---- | C] () -- C:\Windows\System32\enbseries.ini [2011-09-25 00:51:40 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-09-25 00:51:40 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-06-23 21:12:33 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2011-06-23 21:12:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2011-06-23 21:12:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2011-06-23 21:12:30 | 000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll [2011-06-23 21:12:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\libvorbis.dll [2011-06-23 21:12:29 | 000,147,522 | ---- | C] () -- C:\Windows\System32\language.ini [2011-06-23 21:12:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LameEncShim.dll [2011-06-23 21:12:28 | 000,688,128 | ---- | C] () -- C:\Windows\System32\ia32math.dll [2011-06-23 21:12:28 | 
000,212,992 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011-06-23 21:12:24 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll [2011-06-20 22:46:28 | 000,000,600 | ---- | C] () -- C:\Users\Gosia\AppData\Roaming\winscp.rnd [2010-10-27 10:06:29 | 000,004,096 | -H-- | C] () -- C:\Users\Gosia\AppData\Local\keyfile3.drm [2010-06-16 17:24:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010-06-07 16:46:43 | 000,000,680 | ---- | C] () -- C:\Users\Gosia\AppData\Local\d3d9caps.dat [2010-05-12 14:30:21 | 003,473,023 | -H-- | C] () -- C:\Users\Gosia\AppData\Local\IconCache.db [2010-05-12 00:10:00 | 000,093,656 | ---- | C] () -- C:\Users\Gosia\AppData\Local\GDIPFONTCACHEV1.DAT [color=#E56717]========== LOP Check ==========[/color] [2009-02-04 00:01:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\2K Sports [2011-03-11 10:57:14 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Azureus [2008-06-28 12:50:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Blumentals [2010-07-15 08:25:17 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Bytemobile [2012-04-19 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\CuteRank [2008-04-18 12:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\DAEMON Tools [2010-07-15 08:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ERA [2011-12-12 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\EurekaLog [2012-04-17 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\FileZilla [2011-06-08 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Free Monitor for Google [2008-03-03 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu [2010-04-27 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu 10 [2008-04-04 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GameHouse [2012-04-20 12:57:58 | 
000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GG [2008-06-21 00:16:39 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GHISLER [2010-07-10 10:26:08 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\JAlbum [2008-11-17 23:29:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Leadertech [2012-03-26 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2009-05-30 11:56:56 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\My Games [2010-06-26 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenFM [2010-05-21 01:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenOffice.org [2010-05-28 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Opera [2009-09-21 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PC Suite [2008-03-26 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PeerNetworking [2009-11-12 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Piechnat Soft [2008-03-01 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Pogo Games [2009-06-08 02:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PPMate [2010-11-11 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Raptr [2009-09-21 19:03:19 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Samsung [2008-08-22 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Silver Style Entertainment [2010-08-16 14:57:12 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softland [2009-03-10 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\SoftMaker [2010-06-02 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softplicity [2010-08-19 15:41:30 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Thunderbird [2011-10-18 10:15:55 | 000,000,000 | ---D | M] -- 
C:\Users\Gosia\AppData\Roaming\TuneUp Software [2011-06-29 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Uniblue [2011-06-14 09:32:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\VS Revo Group [2009-06-09 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Vso [2010-08-18 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\XnView [2009-10-12 14:17:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ZipZag [2012-04-20 11:50:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012-04-20 12:51:08 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2012-04-20 12:51:09 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log] OTL Extras logfile created on: 2012-04-20 13:07:57 - Run 2 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,29% Memory free 4,22 Gb Paging File | 2,88 Gb Available in Paging File | 68,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,87 Gb Total Space | 3,38 Gb Free Space | 3,80% Space Free | Partition Type: NTFS Drive E: | 59,20 Gb Total Space | 9,55 Gb Free Space | 16,13% Space Free | Partition Type: NTFS Computer Name: GOSIA-PC | User Name: Gosia | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %*" [HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %*" regfile [merge] -- Reg Error: Key error. scrfile [config] -- Reg Error: Key error. scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FOTOJOKER Fotoswiat] -- "C:\Program Files\Fotojoker\FOTOJOKER Fotoswiat\FOTOJOKER Fotoswiat.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\WapSter\AQQ\AQQ.exe" = C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ -- (AQQ Sp. z o.o.) "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13D23FCA-53B8-444F-8295-3C466BAC12F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2CE24AAE-C77C-46E2-9BE9-C10996775A69}" = rport=1723 | protocol=6 | dir=out | app=system | "{3F9D0189-3480-4CFF-ADAC-17E107EA0B40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{41A34225-3A85-43D9-85B0-55A3E0E3D48D}" = lport=138 | protocol=17 | dir=in | app=system | "{523075BA-4096-4177-B995-D6D2FA83380C}" = lport=445 | protocol=6 | dir=in | app=system | "{5509144C-3644-4DFC-9658-0AA1C906DDFE}" = lport=139 | protocol=6 | dir=in | app=system | "{6591A9BE-6429-4A0D-A051-809CC7BC604F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{73C7A2F5-6602-4DD0-BD43-A93FE042A01A}" = lport=1723 | protocol=6 | dir=in | app=system | "{83961414-B443-4B62-AE2F-17EC67C29520}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9D62763D-D0DF-4423-93E8-D07EEF386A58}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A15A0CD5-1A5B-4656-8FD0-CB7B41979538}" = rport=445 | protocol=6 | dir=out | app=system | "{A59A2414-9393-4CC9-ACF5-7BE22D83E530}" = rport=139 | protocol=6 | dir=out | app=system | "{B323468F-1752-49C1-8461-9FD1953DB559}" = rport=137 | protocol=17 | dir=out | app=system | "{BCA38CB7-07FD-43CC-BDD1-449C85A4DFB5}" = rport=1701 | protocol=17 | dir=out | app=system | "{E663C26A-73C2-436D-86C0-11D94F3D6FF1}" = rport=138 | protocol=17 | dir=out | app=system | "{EF991DC8-8E8E-44BF-9285-78A2E3698E5D}" = lport=1701 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB3BBDC-7A66-4E89-A330-FE25A879F89D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11F91CB0-34F3-46DE-BD19-C00BCE4E4846}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21E2D166-887A-450E-A9CF-40DDB0629DAF}" = protocol=17 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{27693819-FE7F-4C31-83B7-2AF4E9DD5403}" = protocol=6 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{2A6E5A2F-00A0-4DB8-A8BA-4FC0144A6D61}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{525FB602-2529-4372-9CCE-F2A57964866A}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{771032D5-DADA-47B3-B317-B6C369C9F66C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B50EE15-0D97-4AC1-ADCA-112ABD3550AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{87EB7DCC-6AF3-4BC3-A1C3-5B9474ECDE0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA56FC72-88B5-4FAF-B710-AD6B3E7018CE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{ABCD0646-97CE-4211-AD50-7FE2704AD0F8}" = protocol=17 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{CEDB63A4-DC4A-4CD9-A8FC-0572F5EB2196}" = protocol=6 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{E9911258-B96C-4C05-8EE9-AD8D74B3FA67}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{1EADAF55-A582-4B9B-B72E-C57E4C13CAEE}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{20380080-81F7-4290-83BF-19E59636F533}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{2555874A-58FD-4CAC-AE45-A51857B93D85}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{3BB897BA-9601-44B7-B8EF-46CA314FB4CF}E:\gry\cs\hlds.exe" = protocol=6 | dir=in | app=e:\gry\cs\hlds.exe | "TCP Query User{3CE05880-C97A-4537-AC29-B57650487AFA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4011E28A-3ED4-4A54-B36C-3BF675D01806}E:\gry\cs\hl.exe" = protocol=6 | dir=in | app=e:\gry\cs\hl.exe | "TCP Query User{418BECB2-AD5F-46E0-89C0-EE07761282EB}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{5AA57A4B-DE67-432A-89E2-6954D4108FC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{60CB51FB-3E28-406F-B54E-DF9D0E2F7CF0}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{61997441-0B60-47B3-9B6A-EF1357465092}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query 
User{77728166-201D-449B-8F46-474AF892204F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{8DD97830-78A3-47B3-81E7-A55845865EB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{97E78F37-7028-45D6-BB51-4883006D8E11}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{988687A8-A992-4116-81AC-0165FAD450EC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{AE42FD0E-B397-476B-8F44-0CD2D2BA05D3}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{E3642D3F-4F58-405D-829B-EB1412B2227F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{EA9F3CA5-6362-4CF5-AEC7-D9F040F122B2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F48574FC-7D56-49D8-937F-6F4DC659CC57}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F8522DE4-C48E-4D03-B7DD-1453F4FEC867}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{025ADA7F-58DB-453B-95C8-43BAEA141DBA}E:\gry\cs\hl.exe" = protocol=17 | dir=in | app=e:\gry\cs\hl.exe | "UDP Query User{0930EED6-BBFE-429A-90FD-C456B0759765}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{18E801C7-C520-4B40-90AA-22BA49010B63}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1BDAFCA2-5F66-446E-BF37-FBD356334EF9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "UDP Query User{2216CE01-9ED9-4508-A877-5DC6B6ECFAEF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{3AEC57A4-E5C2-4C7C-9012-B0B93C65AA0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{745455CD-F418-4017-8AC0-3C241AE4A337}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7942D365-11E7-45E1-8AF6-8FBD0E9F0563}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{7E9D268C-1F39-4620-8892-03A4F2476488}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9DBA734B-1BA4-4CB8-A1D5-C56BA10A4A4E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A650947D-C073-4310-8501-0A5AE9D31239}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{A872E8B8-D8CD-46FB-8846-038766A63331}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{AA4E06F0-9886-4436-9A9F-5A175DD670CC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{AAC82437-A82D-4928-8BE6-9937A091C60A}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{C2863734-67D2-4D52-B72E-34AD2ABF25D9}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{E2781372-AEC3-4F0F-B902-7DDF35E14B47}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query 
User{E5C39486-969D-49AB-B466-20384225DD0F}E:\gry\cs\hlds.exe" = protocol=17 | dir=in | app=e:\gry\cs\hlds.exe | "UDP Query User{ED1663BA-8520-45EA-BBAF-80E60121C702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{FDDD1FA6-B48D-4AB2-89FD-ABB8E8732274}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007E2169-16E4-4ACF-95BF-2E9FBC49673E}" = Adobe Setup "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 8.01.001 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{1466F426-3D1E-411C-89BE-5F04261123EF}" = Adobe InDesign CS3 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET 
Framework 4 Client Profile PLK Language Pack "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan "{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5525F6BD-0627-4F48-9640-B809A834E69C}" = The Panorama Factory V5 m32 Edition "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver 
"{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85767617-E6B1-499E-8C1B-C92E2AAFF586}" = TuneUp Utilities Language Pack (pl-PL) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US) 
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish "{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0 "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ACCD5C00-F1E4-11DD-AA93-005056C00008}" = Paragon Partition Manager™ 10.0 Server "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B7A27DE8-1A77-45E3-8CFB-72A50D1C2922}" = Jalbum "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCFB469B-85FF-4CB6-AA75-542BDE267A22}" = Easy Email Sender "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3 "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FDFCE5F3-8962-579F-8398-16310ABED56A}" = Market Samurai "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3 "ALLPlayer_is1" = ALLPlayer V4.X "appcd_2009.PL000.002" = pkt.pl na CD - CD Turystyka 2009 "CCleaner" = CCleaner (remove only) "CuteRank" = 
CuteRank 3.5.0 "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 "DMI Browser" = DMI Browse "doPDF 7 printer_is1" = doPDF 7.1 printer "DRUKI IPS_is1" = DRUKI IPS "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.0.2 "Easy Email Sender" = Easy Email Sender "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.3 "FOTOJOKER Fotoswiat" = FOTOJOKER Fotoswiat "Free Monitor for Google_is1" = Free Monitor for Google 2.5 "Gadu-Gadu 10" = Gadu-Gadu 10 "GOM Player" = GOM Player "Google Updater" = Aktualizator Google "GSview 4.8" = GSview 4.8 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InfoView" = InfoView "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "JDownloader" = JDownloader "Kaspersky Online Scanner" = Kaspersky Online Scanner "kED_is1" = kED 2.1.4.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full) "lvdrivers_12.0" = Pakiet sterowników: Logitech Webcam Software "Mahjong Garden Deluxe Free" = Mahjong Garden Deluxe Free "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Monopoly by Parker Brothers" = Monopoly by Parker Brothers "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "Mozilla Thunderbird 11.0.1 (x86 pl)" = Mozilla Thunderbird 11.0.1 (x86 pl) "OEBackupGenie_is1" = Outlook Express Backup Genie 
v2.0 "Opera 11.62.1347" = Opera 11.62 "PDF Combine_is1" = PDF Combine "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.10 "PowerISO" = PowerISO "Program Pit 2007 - rozliczenie roczne podatku dochodowego_is1" = 1.0.0.25 "Quick Search Box" = Okno szybkiego wyszukiwania Google "RealAlt_is1" = Real Alternative 1.8.4 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "seopowersuite" = SEO SpyGlass "SkanerOnline" = Skaner on-line mks_vir "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "Tetris 5000(v1.10 full version)" = Tetris 5000(v1.10 full version) "Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930 "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uniblue RegistryBooster" = Uniblue RegistryBooster "VATowiec Komplet_is1" = VATowiec 3.61 "VATowiec_is1" = VATowiec 3.36 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "winscp3_is1" = WinSCP 4.3.3 "XnView_is1" = XnView 1.97.6 "ZipZag_is1" = ZipZag 1.80 Archiver [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GG" = GG "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-04-18 18:37:53 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-18 18:38:09 | 
Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-18 18:38:09 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-18 18:38:09 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-19 03:13:30 | Computer Name = Gosia-PC | Source = Application Hang | ID = 1002 Description = Program iexplore.exe w wersji 9.0.8112.16421 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 1168 Godzina rozpoczęcia: 01cd1df987a357f6 Godzina zakończenia: 40 Error - 2012-04-19 08:55:03 | Computer Name = Gosia-PC | Source = Application Hang | ID = 1002 Description = Program Taskmgr.exe w wersji 6.0.6001.18000 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: e18 Godzina rozpoczęcia: 01cd1e2b77711fae Godzina zakończenia: 4217 Error - 2012-04-20 01:20:22 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-20 03:29:37 | Computer Name = Gosia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, moduł powodujący błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, kod wyjątku 0xc0000005, przesunięcie błędu 0x00022699, identyfikator procesu 0xa74, godzina rozpoczęcia aplikacji 0x01cd1ec72d1fe1f4. 
[ System Events ] Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 03:20:46 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-04-20 05:17:27 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7034 Description = Error - 2012-04-20 06:52:33 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 06:52:33 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 06:52:33 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-20 06:52:33 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-04-20 06:55:22 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7009 Description = Error - 2012-04-20 06:55:22 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > [/log] Please let me know what to do next.
Guest commented 20 April 2012 [quote]Please let me know what to do next.[/quote] Run the script again. Start OTL, paste in the script, and click [b]Wykonaj skrypt[/b] ("Run script"). OTL will ask you to confirm a restart. Click [b]OK[/b] and wait. After the system restarts, OTL will generate a log of the removal. Save it and attach it to your post.
bobstar (Author) commented 21 April 2012 Here is the log: [log] All processes killed ========== FILES ========== File\Folder C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found. File\Folder C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found. File\Folder C:\Users\Gosia\winlogon.exe not found. ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully. C:\Program Files\vShare.tv plugin\ssBarLcher.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IAAnotif deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully. File C:\Users\Gosia\winlogon.exe not found. Registry value HKEY_USERS\S-1-5-21-777273053-2809330852-579202895-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Gosia\winlogon.exe" deleted successfully. File C:\Users\Gosia\winlogon.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28256b56-8c5b-11dd-858e-001d924b4316}\ not found. File WScript.exe .\`.vbs not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28256b56-8c5b-11dd-858e-001d924b4316}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28256b56-8c5b-11dd-858e-001d924b4316}\ not found. File WScript.exe .\`.vbs not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2e19fe-7f15-11dd-afab-001d924b4316}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2e19fe-7f15-11dd-afab-001d924b4316}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2e19fe-7f15-11dd-afab-001d924b4316}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf69978f-8b50-11df-9025-001d924b4316}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf69978f-8b50-11df-9025-001d924b4316}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9bb8940-a130-11df-8a7c-001d924b4316}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9bb8940-a130-11df-8a7c-001d924b4316}\ not found. 
========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41 bytes User: Default User ->Flash cache emptied: 0 bytes User: Gosia ->Flash cache emptied: 74118 bytes User: Gosia&Filip User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gosia ->Temp folder emptied: 101568748 bytes ->Temporary Internet Files folder emptied: 388709714 bytes ->Java cache emptied: 8570522 bytes ->FireFox cache emptied: 213590749 bytes ->Google Chrome cache emptied: 204024458 bytes ->Opera cache emptied: 13807317 bytes ->Flash cache emptied: 0 bytes User: Gosia&Filip User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 27668519 bytes RecycleBin emptied: 734287100 bytes Total Files Cleaned = 1 614,00 mb OTL by OldTimer - Version 3.2.40.0 log created on 04212012_102818 Files\Folders moved on Reboot... C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTL33P2X\fastbuttonCACG11F5.htm moved successfully. C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTL33P2X\index[4].htm moved successfully. C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWCLBU7B\plusone_gadget[1].htm moved successfully. C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IFCA8T57\fastbuttonCA152KYF.htm moved successfully. C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQNDTB8N\fastbuttonCA09YJYE.htm moved successfully. 
C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Gosia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. Registry entries deleted on Reboot... [/log] But this time too it logged me out; I had to log in to the profile, start the explorer.exe process, and run OTL and the script once more, and then it worked as it should.
Guest, comment posted 21 April 2012 Run AdwCleaner and click Delete. After the removal, run a new OTL scan and post the report. How is the system behaving?
bobstar (Author), comment posted 21 April 2012 Thank you! For now the system is working OK. The black screen is gone. But I will do what you wrote and send the report.
Guest, comment posted 21 April 2012 [quote]But I will do what you wrote and send the report.[/quote] Attach the scan report, because we are not done yet. I need to see what the situation in the system is.
bobstar (Author), comment posted 21 April 2012 AdwCleaner report: [log] # AdwCleaner v1.602 - Logfile created 04/21/2012 at 20:18:23 # Updated 19/04/2012 by Xplode # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # User : Gosia - GOSIA-PC # Running from : C:\Users\Gosia\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** Stopped & Deleted : AskService Stopped & Deleted : AskUpgrade ***** [Files / Folders] ***** Folder Deleted : C:\Users\Gosia\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Program Files\AskBarDis Folder Deleted : C:\Program Files\Babylon File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [H. Navipromo] ***** ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\AskBarDis Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1 Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.ch/ --> hxxp://www.google.fr -\\ Mozilla Firefox v11.0 (pl) ## File : C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default\prefs.js C:\Users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\a8hpptxj.default\user.js ... Deleted ! 
Deleted : user_pref("browser.babylon.HPOnNewTab", "1"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("extensions.snipit.askTbInstalled", true); Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=15627&q="); -\\ Google Chrome v18.0.1025.162 ## File : C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "description": "Babylon tool translates texts from within your Google Chrome in a sin[...] Deleted : "128": "babylon48.png", Deleted : "48": "babylon48.png" Deleted : "name": "Babylon Translator", Deleted : "path": "BabylonChromePI.dll", Deleted : "name": "Babylon Chrome Plugin", Deleted : "path": "C:\\Users\\Gosia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\[...] Deleted : "name": "Babylon Chrome Plugin" -\\ Opera v11.62.1347.0 ## File : C:\Users\Gosia\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. 
************************* AdwCleaner[R1].txt - [5884 octets] - [20/04/2012 11:23:52] AdwCleaner[S1].txt - [5264 octets] - [21/04/2012 20:18:23] ########## EOF - C:\AdwCleaner[S1].txt - [5392 octets] ########## [/log] OTL: [log] OTL logfile created on: 2012-04-21 20:23:04 - Run 3 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,66% Memory free 4,21 Gb Paging File | 3,08 Gb Available in Paging File | 73,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,87 Gb Total Space | 4,45 Gb Free Space | 5,01% Space Free | Partition Type: NTFS Drive E: | 59,20 Gb Total Space | 5,77 Gb Free Space | 9,74% Space Free | Partition Type: NTFS Computer Name: GOSIA-PC | User Name: Gosia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-20 12:56:28 | 000,047,712 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\ggapp.exe PRC - [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe PRC - [2012-04-16 22:50:11 | 003,086,432 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\ggdrive\ggdrive.exe PRC - [2012-04-11 08:57:58 | 003,213,408 | ---- | M] (GG Network S.A.) -- C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe PRC - [2012-03-03 12:05:37 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe PRC - [2012-02-24 19:58:24 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2010-01-19 18:33:18 | 000,313,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe PRC - [2010-01-19 18:29:02 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009-11-09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe PRC - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro\o2flash.exe PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe PRC - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () -- C:\Program Files\System Control Manager\edd.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-20 12:56:37 | 001,900,544 | ---- | M] () -- 
C:\Users\Gosia\AppData\Local\GG\Application\xulrunner\mozjs.dll MOD - [2012-03-28 08:17:34 | 000,135,168 | ---- | M] () -- C:\Users\Gosia\AppData\Local\GG\Application\ggdrive\zlib1.dll MOD - [2012-03-16 11:31:56 | 008,526,720 | ---- | M] () -- C:\Users\Gosia\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2012-01-08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2007-09-20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006-07-10 12:00:00 | 000,141,312 | ---- | M] () -- C:\Program Files\ZipZag\zipzagcm.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-10-18 10:16:06 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010-01-19 18:27:18 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010-01-19 18:24:12 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009-11-14 15:29:06 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2009-06-07 14:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2009-04-30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-05-30 01:22:32 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-03-03 21:36:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-01-29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-01-18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008-01-18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007-02-12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro\o2flash.exe -- (o2flash) SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing) SRV - [2006-03-22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\edd.exe -- (NishService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (amqygqqk) DRV - [2009-12-30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-10-14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009-05-01 01:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC) DRV - [2009-05-01 01:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009-05-01 01:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009-04-30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-24 20:07:38 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3) DRV - [2009-03-20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-01-13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008-04-18 12:30:29 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008-03-22 11:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007-03-09 08:01:00 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2007-03-05 15:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-12-22 06:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006-11-30 20:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006-11-20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006-11-20 09:14:08 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2006-11-02 18:41:00 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006-11-02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-10-28 01:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-10-10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006-10-05 17:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2005-08-01 17:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-01-06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.fr"]http://www.google.fr[/url] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC[/url] IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/url] IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q={searchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url] IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} 
- No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url] IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_plPL325"]http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_plPL325[/url] IE - HKCU\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = [url="http://startsear.ch/?q={searchTerms"]http://startsear.ch/?q={searchTerms[/url]} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=32904b96a97447d08753d154d4afaae5-be72f898c1c2c2df576d9b216766416aed369e44&lang=pl&ds=gm011&pr=sa&d=2012-03-26"]http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=32904b96a97447d08753d154d4afaae5-be72f898c1c2c2df576d9b216766416aed369e44&lang=pl&ds=gm011&pr=sa&d=2012-03-26[/url] 20:03:05&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gosia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-22 16:49:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-14 13:55:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012-04-16 21:38:39 | 000,000,000 | ---D | M] [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions [2010-08-19 15:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-04-16 22:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions [2010-04-29 09:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-04-11 11:48:50 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2008-12-23 12:28:35 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011-01-10 11:12:01 | 000,000,000 | ---D | M] (Firesheep) -- 
C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\firesheep@codebutler.com [2009-12-04 13:35:13 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\seoquake-plugin-seolinx@seoquake.com [2012-01-17 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-30 12:31:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-22 16:49:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-07 12:19:18 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-26 20:03:00 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011-10-07 12:19:18 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-10-07 12:19:18 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-10-07 12:19:18 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-10-07 12:19:18 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-10-07 12:19:18 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = 
http://isearch.avg.com/search?cid={13D3E8E6-4BF8-452D-907E-1F206EDB52DF}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR -
plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Edit This Cookie = C:\Users\Gosia\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.14.8_0\ CHR - Extension: Skype Click to Call = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: SEO SERP = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg\0.14.4_0\ CHR - Extension: Gmail = C:\Users\Gosia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - E:\programy\ALLPlayer\Iplex\IplexToALLPlayer.dll File not found O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKCU..\Run: [GG] C:\Users\Gosia\AppData\Local\GG\Application\gghub.exe (GG Network S.A.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Local intranet) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Local intranet) O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Local intranet) O15 - HKCU\..Trusted Domains: google.pl ([www] https in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC3D5EA7-EC0A-4BB6-BDE9-F4DDD20D4D7D}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDA372CA-4DD5-4BCA-B90E-9B4BE5AFD8FA}: DhcpNameServer = 8.8.8.8 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Gosia\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-03-28 21:10:33 | 000,028,676 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-20 11:17:24 | 000,000,000 | ---D | C] -- C:\_OTL [2012-04-20 10:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012-04-20 10:26:11 | 000,000,000 | ---D | C] -- C:\rsit [2012-04-20 09:35:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-16 
22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-04-12 10:12:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-04-12 10:12:09 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-04-12 10:12:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-04-12 10:12:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-04-12 10:12:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-04-12 10:12:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-04-12 10:11:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012-04-12 10:11:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012-03-31 22:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2012-03-31 22:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [2012-03-31 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Gosia\Documents\Deluxe Ski Jump 4 [2012-03-30 12:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-03-30 12:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012-03-28 08:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-03-28 08:17:56 | 000,000,000 | --SD | C] -- C:\Users\Gosia\GG dysk [2012-03-26 20:02:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [1 C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-21 20:27:16 | 000,116,736 | ---- | M] () -- C:\Users\Gosia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-21 20:27:11 | 007,340,032 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT [2012-04-21 
20:20:01 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-04-21 20:19:59 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-04-21 20:19:59 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-04-21 20:19:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-04-21 20:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-04-21 20:18:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012-04-21 20:18:46 | 000,524,288 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2012-04-21 20:18:46 | 000,065,536 | -HS- | M] () -- C:\Users\Gosia\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2012-04-21 20:18:44 | 003,473,455 | -H-- | M] () -- C:\Users\Gosia\AppData\Local\IconCache.db [2012-04-21 20:12:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000UA.job [2012-04-21 20:12:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-777273053-2809330852-579202895-1000Core.job [2012-04-21 10:02:26 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-04-20 13:41:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012-04-20 11:23:16 | 000,582,891 | ---- | M] () -- C:\Users\Gosia\Desktop\adwcleaner.exe [2012-04-20 10:25:37 | 000,781,383 | ---- | M] () -- C:\Users\Gosia\Desktop\RSIT.exe [2012-04-20 09:35:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gosia\Desktop\OTL.exe [2012-04-16 21:38:41 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-04-15 09:50:58 | 000,000,341 | ---- | M] () -- C:\Windows\win.ini [2012-04-14 19:37:46 | 001,617,034 | ---- | M] () -- 
C:\Windows\System32\PerfStringBackup.INI [2012-04-14 19:37:46 | 000,714,674 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-04-14 19:37:46 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-04-14 19:37:46 | 000,152,718 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-04-14 19:37:46 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-03-28 08:51:49 | 000,100,983 | ---- | M] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | M] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [1 C:\Users\Gosia\AppData\Local\*.tmp files -> C:\Users\Gosia\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-20 11:23:16 | 000,582,891 | ---- | C] () -- C:\Users\Gosia\Desktop\adwcleaner.exe [2012-04-20 10:25:33 | 000,781,383 | ---- | C] () -- C:\Users\Gosia\Desktop\RSIT.exe [2012-04-18 09:58:08 | 000,001,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk [2012-04-16 21:38:41 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012-03-28 08:51:49 | 000,100,983 | ---- | C] () -- C:\Users\Gosia\Documents\eboa.hyperion.pl_public_4all_faktura.php_id=9705&format=html&r=2012&re=FS.pdf [2012-03-26 11:08:32 | 000,075,595 | ---- | C] () -- C:\Users\Gosia\Desktop\fakturaAz-tourispace.pdf [2011-11-06 22:33:20 | 000,001,958 | ---- | C] () -- C:\Windows\System32\enbseries.ini [2011-09-25 00:51:40 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011-09-25 00:51:40 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2011-06-23 21:12:33 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2011-06-23 21:12:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2011-06-23 21:12:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2011-06-23 21:12:30 | 
000,491,520 | ---- | C] () -- C:\Windows\System32\mp3lib.dll [2011-06-23 21:12:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\libvorbis.dll [2011-06-23 21:12:29 | 000,147,522 | ---- | C] () -- C:\Windows\System32\language.ini [2011-06-23 21:12:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LameEncShim.dll [2011-06-23 21:12:28 | 000,688,128 | ---- | C] () -- C:\Windows\System32\ia32math.dll [2011-06-23 21:12:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011-06-23 21:12:24 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll [2011-06-20 22:46:28 | 000,000,600 | ---- | C] () -- C:\Users\Gosia\AppData\Roaming\winscp.rnd [2010-10-27 10:06:29 | 000,004,096 | -H-- | C] () -- C:\Users\Gosia\AppData\Local\keyfile3.drm [2010-06-16 17:24:16 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010-06-07 16:46:43 | 000,000,680 | ---- | C] () -- C:\Users\Gosia\AppData\Local\d3d9caps.dat [2010-05-12 14:30:21 | 003,473,455 | -H-- | C] () -- C:\Users\Gosia\AppData\Local\IconCache.db [2010-05-12 00:10:00 | 000,093,656 | ---- | C] () -- C:\Users\Gosia\AppData\Local\GDIPFONTCACHEV1.DAT [color=#E56717]========== LOP Check ==========[/color] [2009-02-04 00:01:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\2K Sports [2011-03-11 10:57:14 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Azureus [2008-06-28 12:50:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Blumentals [2010-07-15 08:25:17 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Bytemobile [2012-04-20 23:43:19 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\CuteRank [2008-04-18 12:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\DAEMON Tools [2010-07-15 08:30:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ERA [2011-12-12 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\EurekaLog [2012-04-17 14:04:05 | 000,000,000 | ---D | M] -- 
C:\Users\Gosia\AppData\Roaming\FileZilla [2011-06-08 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Free Monitor for Google [2008-03-03 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu [2010-04-27 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Gadu-Gadu 10 [2008-04-04 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GameHouse [2012-04-21 20:21:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GG [2008-06-21 00:16:39 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\GHISLER [2010-07-10 10:26:08 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\JAlbum [2008-11-17 23:29:47 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Leadertech [2012-03-26 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2009-05-30 11:56:56 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\My Games [2010-06-26 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenFM [2010-05-21 01:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\OpenOffice.org [2010-05-28 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Opera [2009-09-21 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PC Suite [2008-03-26 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PeerNetworking [2009-11-12 12:24:28 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Piechnat Soft [2008-03-01 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Pogo Games [2009-06-08 02:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\PPMate [2010-11-11 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Raptr [2009-09-21 19:03:19 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Samsung [2008-08-22 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Silver 
Style Entertainment [2010-08-16 14:57:12 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softland [2009-03-10 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\SoftMaker [2010-06-02 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Softplicity [2010-08-19 15:41:30 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Thunderbird [2011-10-18 10:15:55 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\TuneUp Software [2011-06-29 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Uniblue [2011-06-14 09:32:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\VS Revo Group [2009-06-09 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\Vso [2010-08-18 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\XnView [2009-10-12 14:17:18 | 000,000,000 | ---D | M] -- C:\Users\Gosia\AppData\Roaming\ZipZag [2012-04-21 20:18:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log] OTL Extras logfile created on: 2012-04-21 20:23:04 - Run 3 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Gosia\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,66% Memory free 4,21 Gb Paging File | 3,08 Gb Available in Paging File | 73,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,87 Gb Total Space | 4,45 Gb Free Space | 5,01% Space Free | Partition Type: NTFS Drive E: | 59,20 Gb Total Space | 5,77 Gb Free Space | 9,74% Space Free | Partition Type: NTFS Computer Name: GOSIA-PC | User Name: Gosia | Logged in as 
Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %*" [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %*" regfile [merge] -- Reg Error: Key error. scrfile [config] -- Reg Error: Key error. scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FOTOJOKER Fotoswiat] -- "C:\Program Files\Fotojoker\FOTOJOKER Fotoswiat\FOTOJOKER Fotoswiat.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\WapSter\AQQ\AQQ.exe" = C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ -- (AQQ Sp. z o.o.) "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13D23FCA-53B8-444F-8295-3C466BAC12F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2CE24AAE-C77C-46E2-9BE9-C10996775A69}" = rport=1723 | protocol=6 | dir=out | app=system | "{3F9D0189-3480-4CFF-ADAC-17E107EA0B40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{41A34225-3A85-43D9-85B0-55A3E0E3D48D}" = lport=138 | protocol=17 | dir=in | app=system | "{523075BA-4096-4177-B995-D6D2FA83380C}" = lport=445 | protocol=6 | dir=in | app=system | "{5509144C-3644-4DFC-9658-0AA1C906DDFE}" = lport=139 | protocol=6 | dir=in | app=system | "{6591A9BE-6429-4A0D-A051-809CC7BC604F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{73C7A2F5-6602-4DD0-BD43-A93FE042A01A}" = lport=1723 | protocol=6 | dir=in | app=system | "{83961414-B443-4B62-AE2F-17EC67C29520}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D62763D-D0DF-4423-93E8-D07EEF386A58}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A15A0CD5-1A5B-4656-8FD0-CB7B41979538}" = rport=445 | protocol=6 | dir=out | app=system | "{A59A2414-9393-4CC9-ACF5-7BE22D83E530}" = rport=139 | protocol=6 | dir=out | app=system | "{B323468F-1752-49C1-8461-9FD1953DB559}" = rport=137 | protocol=17 | dir=out | app=system | "{BCA38CB7-07FD-43CC-BDD1-449C85A4DFB5}" = rport=1701 | protocol=17 | dir=out | app=system | "{E663C26A-73C2-436D-86C0-11D94F3D6FF1}" = rport=138 | protocol=17 | dir=out | app=system | "{EF991DC8-8E8E-44BF-9285-78A2E3698E5D}" = lport=1701 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB3BBDC-7A66-4E89-A330-FE25A879F89D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11F91CB0-34F3-46DE-BD19-C00BCE4E4846}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21E2D166-887A-450E-A9CF-40DDB0629DAF}" = protocol=17 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{27693819-FE7F-4C31-83B7-2AF4E9DD5403}" = protocol=6 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{2A6E5A2F-00A0-4DB8-A8BA-4FC0144A6D61}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{525FB602-2529-4372-9CCE-F2A57964866A}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{771032D5-DADA-47B3-B317-B6C369C9F66C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B50EE15-0D97-4AC1-ADCA-112ABD3550AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{87EB7DCC-6AF3-4BC3-A1C3-5B9474ECDE0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA56FC72-88B5-4FAF-B710-AD6B3E7018CE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{ABCD0646-97CE-4211-AD50-7FE2704AD0F8}" = protocol=17 | dir=in | app=c:\program files\cuterank\cuterank.exe | "{CEDB63A4-DC4A-4CD9-A8FC-0572F5EB2196}" = protocol=6 | dir=in | app=c:\users\gosia\desktop\videoconverter_setup.exe | "{E9911258-B96C-4C05-8EE9-AD8D74B3FA67}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{1EADAF55-A582-4B9B-B72E-C57E4C13CAEE}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{20380080-81F7-4290-83BF-19E59636F533}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{2555874A-58FD-4CAC-AE45-A51857B93D85}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{3BB897BA-9601-44B7-B8EF-46CA314FB4CF}E:\gry\cs\hlds.exe" = protocol=6 | dir=in | app=e:\gry\cs\hlds.exe | "TCP Query User{3CE05880-C97A-4537-AC29-B57650487AFA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{4011E28A-3ED4-4A54-B36C-3BF675D01806}E:\gry\cs\hl.exe" = protocol=6 | dir=in | app=e:\gry\cs\hl.exe | "TCP Query User{418BECB2-AD5F-46E0-89C0-EE07761282EB}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{5AA57A4B-DE67-432A-89E2-6954D4108FC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{60CB51FB-3E28-406F-B54E-DF9D0E2F7CF0}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{61997441-0B60-47B3-9B6A-EF1357465092}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query 
User{77728166-201D-449B-8F46-474AF892204F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{8DD97830-78A3-47B3-81E7-A55845865EB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{97E78F37-7028-45D6-BB51-4883006D8E11}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{988687A8-A992-4116-81AC-0165FAD450EC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{AE42FD0E-B397-476B-8F44-0CD2D2BA05D3}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{E3642D3F-4F58-405D-829B-EB1412B2227F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{EA9F3CA5-6362-4CF5-AEC7-D9F040F122B2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F48574FC-7D56-49D8-937F-6F4DC659CC57}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F8522DE4-C48E-4D03-B7DD-1453F4FEC867}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{025ADA7F-58DB-453B-95C8-43BAEA141DBA}E:\gry\cs\hl.exe" = protocol=17 | dir=in | app=e:\gry\cs\hl.exe | "UDP Query User{0930EED6-BBFE-429A-90FD-C456B0759765}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{18E801C7-C520-4B40-90AA-22BA49010B63}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1BDAFCA2-5F66-446E-BF37-FBD356334EF9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "UDP Query User{2216CE01-9ED9-4508-A877-5DC6B6ECFAEF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{3AEC57A4-E5C2-4C7C-9012-B0B93C65AA0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{745455CD-F418-4017-8AC0-3C241AE4A337}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7942D365-11E7-45E1-8AF6-8FBD0E9F0563}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{7E9D268C-1F39-4620-8892-03A4F2476488}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{9DBA734B-1BA4-4CB8-A1D5-C56BA10A4A4E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A650947D-C073-4310-8501-0A5AE9D31239}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{A872E8B8-D8CD-46FB-8846-038766A63331}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{AA4E06F0-9886-4436-9A9F-5A175DD670CC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{AAC82437-A82D-4928-8BE6-9937A091C60A}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{C2863734-67D2-4D52-B72E-34AD2ABF25D9}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{E2781372-AEC3-4F0F-B902-7DDF35E14B47}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query 
User{E5C39486-969D-49AB-B466-20384225DD0F}E:\gry\cs\hlds.exe" = protocol=17 | dir=in | app=e:\gry\cs\hlds.exe | "UDP Query User{ED1663BA-8520-45EA-BBAF-80E60121C702}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{FDDD1FA6-B48D-4AB2-89FD-ABB8E8732274}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007E2169-16E4-4ACF-95BF-2E9FBC49673E}" = Adobe Setup "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 8.01.001 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{1466F426-3D1E-411C-89BE-5F04261123EF}" = Adobe InDesign CS3 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET 
Framework 4 Client Profile PLK Language Pack "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan "{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5525F6BD-0627-4F48-9640-B809A834E69C}" = The Panorama Factory V5 m32 Edition "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver 
"{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85767617-E6B1-499E-8C1B-C92E2AAFF586}" = TuneUp Utilities Language Pack (pl-PL) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US) 
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.1 - Polish "{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0 "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{ACCD5C00-F1E4-11DD-AA93-005056C00008}" = Paragon Partition Manager™ 10.0 Server "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B7A27DE8-1A77-45E3-8CFB-72A50D1C2922}" = Jalbum "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCFB469B-85FF-4CB6-AA75-542BDE267A22}" = Easy Email Sender "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3 "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FDFCE5F3-8962-579F-8398-16310ABED56A}" = Market Samurai "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3 "ALLPlayer_is1" = ALLPlayer V4.X "appcd_2009.PL000.002" = pkt.pl na CD - CD Turystyka 2009 "CCleaner" = CCleaner (remove only) "CuteRank" = 
CuteRank 3.5.0 "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 "DMI Browser" = DMI Browse "doPDF 7 printer_is1" = doPDF 7.1 printer "DRUKI IPS_is1" = DRUKI IPS "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.0.2 "Easy Email Sender" = Easy Email Sender "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.3 "FOTOJOKER Fotoswiat" = FOTOJOKER Fotoswiat "Free Monitor for Google_is1" = Free Monitor for Google 2.5 "Gadu-Gadu 10" = Gadu-Gadu 10 "GOM Player" = GOM Player "Google Updater" = Aktualizator Google "GSview 4.8" = GSview 4.8 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InfoView" = InfoView "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "JDownloader" = JDownloader "Kaspersky Online Scanner" = Kaspersky Online Scanner "kED_is1" = kED 2.1.4.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full) "lvdrivers_12.0" = Pakiet sterowników: Logitech Webcam Software "Mahjong Garden Deluxe Free" = Mahjong Garden Deluxe Free "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Monopoly by Parker Brothers" = Monopoly by Parker Brothers "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "Mozilla Thunderbird 11.0.1 (x86 pl)" = Mozilla Thunderbird 11.0.1 (x86 pl) "OEBackupGenie_is1" = Outlook Express Backup Genie 
v2.0 "Opera 11.62.1347" = Opera 11.62 "PDF Combine_is1" = PDF Combine "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.10 "PowerISO" = PowerISO "Program Pit 2007 - rozliczenie roczne podatku dochodowego_is1" = 1.0.0.25 "Quick Search Box" = Okno szybkiego wyszukiwania Google "RealAlt_is1" = Real Alternative 1.8.4 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "seopowersuite" = SEO SpyGlass "SkanerOnline" = Skaner on-line mks_vir "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "Tetris 5000(v1.10 full version)" = Tetris 5000(v1.10 full version) "Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930 "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uniblue RegistryBooster" = Uniblue RegistryBooster "VATowiec Komplet_is1" = VATowiec 3.61 "VATowiec_is1" = VATowiec 3.36 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "winscp3_is1" = WinSCP 4.3.3 "XnView_is1" = XnView 1.97.6 "ZipZag_is1" = ZipZag 1.80 Archiver [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GG" = GG "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-20 01:20:23 | Computer Name = Gosia-PC | 
Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-20 03:29:37 | Computer Name = Gosia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, moduł powodujący błąd gghub.exe, wersja 11.0.0.0, sygnatura czasowa 0x4f7d023b, kod wyjątku 0xc0000005, przesunięcie błędu 0x00022699, identyfikator procesu 0xa74, godzina rozpoczęcia aplikacji 0x01cd1ec72d1fe1f4. Error - 2012-04-20 14:01:04 | Computer Name = Gosia-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd GOM.exe, wersja 2.1.39.5101, sygnatura czasowa 0x4f6030c7, moduł powodujący błąd libavcodec.dll, wersja 0.0.0.0, sygnatura czasowa 0x4e1a9077, kod wyjątku 0xc0000005, przesunięcie błędu 0x0014f180, identyfikator procesu 0x1610, godzina rozpoczęcia aplikacji 0x01cd1f1f83c8d179. Error - 2012-04-21 02:01:29 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-21 02:01:29 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-21 02:01:30 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = Error - 2012-04-21 02:01:55 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-21 02:01:55 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 11606 Description = Error - 2012-04-21 02:01:55 | Computer Name = Gosia-PC | Source = MsiInstaller | ID = 1023 Description = [ System Events ] Error - 2012-04-21 04:38:18 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 04:38:18 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 04:38:18 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-04-21 14:08:00 | Computer Name = Gosia-PC | Source = Print | ID = 19 Description = Bufor wydruku nie może udostępnić 
drukarki Xerox Phaser 3117 z nazwą udostępnionego zasobu Xerox Phaser 3117. Błąd 2114. Inne osoby w sieci nie mogą korzystać z drukarki. Error - 2012-04-21 14:09:00 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 14:09:00 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 14:09:00 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 14:09:00 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = Error - 2012-04-21 14:20:36 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2012-04-21 14:20:36 | Computer Name = Gosia-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > [/log]
Guest commented April 21, 2012
Only minor cleanup remains. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] box:
[code]:Files
C:\Users\Gosia\AppData\Roaming\mozilla\Firefox\Profiles\a8hpptxj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
:OTL
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
:Commands
[emptytemp][/code]
Click [b]Run Fix[/b]. After the removal, run AdwCleaner and click [b]Delete[/b]. Run OTL and click the [b]CleanUp[/b] option. This removes the program and its quarantine. Clear the [b]System Restore[/b] folders; instructions: http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/ That is all.
bobstar (Author) commented April 21, 2012
Done. Thank you very much for the effective help.