Chris Van Green utworzono 3 lipca 2012 utworzono 3 lipca 2012 Witam! Od pewnego czasu zauważyłem dziwną pracę komputera... Z "budy" wydobywa się dźwięk, wirującej z maksymalną prędkością płyty w napędzie CD, a takowej tam nie ma... Przypuszczam, że to HDD. Dzieje się tak, gdy komputer wykonuje jakąś głebszą pracę, np. instalacja lub uruchamianie gry. Ponadto pierwsze uruchomienie firefoxa jest bardzo mozolne, chodź to błachostka... Najgorszy jest pojawiający się bardzo często bluescreen, po którym następuje restart komputera. Po restarcie pojawia się okienko w Windowsie z informacja o odzyskaniu przez system sprawnosci po poważnym błędzie: Podpis problemu: Nazwa zdarzenia problemu: BlueScreen Wersja systemu operacyjnego: 6.1.7600.2.0.0.256.1 Identyfikator ustawień regionalnych: 1045 Dodatkowe informacje o problemie: BCCode: 50 BCP1: FFFFF8A009966000 BCP2: 0000000000000000 BCP3: FFFFF80002D3D079 BCP4: 0000000000000000 OS Version: 6_1_7600 Service Pack: 0_0 Product: 256_1 Pliki pomagające opisać problem: C:\Windows\Minidump\070312-17191-01.dmp C:\Users\Krzysiek\AppData\Local\Temp\WER-41901-0.sysdata.xml Przeczytaj w trybie online nasze zasady zachowania poufności informacji: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0415 Jeśli zasady zachowania poufności informacji w trybie online nie są dostępne, przeczytaj nasze zasady zachowania poufności informacji w trybie offline: C:\Windows\system32\pl-PL\erofflps.txt Dzieje się tak mniej wiecej od czasu zainstalowania gry Max Payne 3. Proszę o pomoc. Z góry dzięki;)Chciał bym tylko dodać, że ten problem z bluescreenem pojawia się mniej więcej 5-10 min od czasu właczenia komputera... więc pomoc jest mi pilnie potrzebna, ale z tego co widzę to nikt nie potrafi rozwiązać mojego problemu, albo chociaż dać jakąś wskazówkę... Co mam zrobić? Może źle sformułowałem temat? Może wstawić zdjęcie bluescreena? Proszę dajcie chociaż jakąś wskazówkę...Bluescreen ma tytuł: PAGE_FAULT_IN_NONPAGED_AREA
nitro07 komentarz 4 lipca 2012 komentarz 4 lipca 2012 Pobierz i zainstaluj program HDtune i daj zrzut ekranu z zakładki Health. Sprawdź też czy w trybie awaryjnym też występuje ten Blue Screen. 1
Chris Van Green komentarz 4 lipca 2012 Autor komentarz 4 lipca 2012 Przeczyściełm Malwarem kompa i usunełem to co znalazł. Na razie jest dobrze i bluescreen się nie pojawia, ale nie zamykajcie tematu, bo nie wiadomo co jeszcze będzie...Znów jednak jest bluescreen... Ściagnełem HD Tune i daję screeny: [attachment=20400:Benchmark.jpg] [attachment=20401:Health.jpg] [attachment=20402:Info.jpg]
Chris Van Green komentarz 5 lipca 2012 Autor komentarz 5 lipca 2012 Ciesze się, bo dysk ma jakieś niecałe pół roku:) Ale co to może być? Słyszałem, że ten bluescreen powoduje wirus HaxDoor, czy coś takiego lub problem z RAM'em.Proszę pomóżcie... Nie mogę już wytrzymać gdy komp restartuje się co 5 minut...
Natsuki Kuga komentarz 6 lipca 2012 komentarz 6 lipca 2012 Skoro masz obawy że to wirus, zapoznaj się z przyklejonymi w Bezpieczeństwie i pokaż stosowne logi. Spakuj folder [b]C:\WINDOWS\Minisump[/b] w archiwum, wrzuć na jakiś hosting i podaj link. 1
Chris Van Green komentarz 12 lipca 2012 Autor komentarz 12 lipca 2012 Zapoznam się, a tymczasem wrzucam folder [b]Minidump[/b] spakowany w rar: http://www.wrzuc.to/Jb16cjqJMq.wt[b][size=5]OTL:[/size][/b] [log]OTL logfile created on: 2012-07-13 13:38:52 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Krzysiek\Desktop\Programy 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,62% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50,00 Gb Total Space | 22,48 Gb Free Space | 44,96% Space Free | Partition Type: NTFS Drive D: | 100,04 Gb Total Space | 64,85 Gb Free Space | 64,83% Space Free | Partition Type: NTFS Drive E: | 315,62 Gb Total Space | 92,10 Gb Free Space | 29,18% Space Free | Partition Type: NTFS Computer Name: BOX | User Name: Krzysiek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-07-13 13:28:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Krzysiek\Desktop\Programy\OTL.exe PRC - [2012-06-23 12:11:29 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012-06-15 00:18:11 | 000,016,864 | ---- | M] (Mozilla Corporation) -- E:\Programy\Firefox\plugin-container.exe PRC - [2012-06-15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programy\Firefox\firefox.exe PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-09-22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- E:\Programy\ESET SS\x86\ekrn.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-07-13 13:28:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Krzysiek\Desktop\Programy\OTL.exe MOD - [2012-06-23 12:11:29 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012-06-23 12:11:29 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe MOD - [2012-06-15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\components\browsercomps.dll MOD - [2012-06-15 00:19:04 | 015,757,792 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\xul.dll MOD - [2012-06-15 00:18:20 | 000,019,424 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\xpcom.dll MOD - [2012-06-15 00:18:17 | 000,145,376 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\ssl3.dll MOD - [2012-06-15 00:18:15 | 000,155,104 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\softokn3.dll MOD - [2012-06-15 00:18:13 | 000,091,104 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\smime3.dll MOD - [2012-06-15 00:18:11 | 000,016,864 | ---- | M] (Mozilla Corporation) -- E:\Programy\Firefox\plugin-container.exe MOD - [2012-06-15 00:18:10 | 000,020,960 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\plds4.dll MOD - [2012-06-15 00:18:09 | 000,021,472 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\plc4.dll MOD - [2012-06-15 00:18:07 | 000,092,640 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\nssutil3.dll MOD - [2012-06-15 00:18:06 | 000,095,712 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\nssdbm3.dll MOD - [2012-06-15 00:18:04 | 000,358,368 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\nssckbi.dll MOD - [2012-06-15 00:18:02 | 000,637,920 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\nss3.dll MOD - [2012-06-15 00:17:59 | 000,170,464 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\nspr4.dll MOD - [2012-06-15 00:17:58 | 000,829,920 | ---- | M] (sqlite.org) -- E:\Programy\Firefox\mozsqlite3.dll MOD - [2012-06-15 00:17:55 | 002,042,848 | ---- | M] () -- E:\Programy\Firefox\mozjs.dll MOD - [2012-06-15 00:17:51 | 000,043,488 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\mozglue.dll MOD - [2012-06-15 00:17:49 | 000,016,352 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\mozalloc.dll MOD - [2012-06-15 00:17:41 | 000,624,608 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\gkmedias.dll MOD - [2012-06-15 00:17:38 | 000,258,528 | ---- | M] (Mozilla Foundation) -- E:\Programy\Firefox\freebl3.dll MOD - [2012-06-15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programy\Firefox\firefox.exe MOD - [2012-06-15 00:16:43 | 000,770,384 | ---- | M] (Microsoft Corporation) -- E:\Programy\Firefox\msvcr100.dll MOD - [2012-06-15 00:16:43 | 000,421,200 | ---- | M] (Microsoft Corporation) -- E:\Programy\Firefox\msvcp100.dll MOD - [2012-04-04 15:56:38 | 002,165,320 | ---- | M] (Malwarebytes Corporation) -- E:\Programy\Malwarebytes' Anti-Malware\mbamnet.dll MOD - [2012-04-04 15:56:38 | 000,476,232 | ---- | M] (Malwarebytes Corporation) -- E:\Programy\Malwarebytes' Anti-Malware\mbam.dll MOD - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe MOD - [2011-12-31 00:29:43 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll MOD - [2011-10-15 10:53:00 | 007,041,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll MOD - [2011-10-15 10:53:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll MOD - [2011-10-15 01:54:42 | 000,154,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStereoApiI.dll MOD - [2011-10-15 01:54:36 | 000,576,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll MOD - [2011-10-15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2010-03-25 11:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL MOD - [2010-03-25 04:46:54 | 008,898,512 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\Office14\1045\GrooveIntlResource.dll MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009-07-14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 03:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-07-14 03:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009-07-14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2009-07-14 03:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 03:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 03:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 03:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2009-07-14 03:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009-07-14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - [2009-07-14 03:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2009-07-14 03:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 03:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 03:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 03:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 03:16:13 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009-07-14 03:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2009-07-14 03:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-07-14 03:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 03:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 03:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009-07-14 03:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009-07-14 03:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 03:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 03:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 03:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 03:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009-07-14 03:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll MOD - [2009-07-14 03:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll MOD - [2009-07-14 03:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 03:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009-07-14 03:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-07-14 03:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009-07-14 03:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009-07-14 03:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll MOD - [2009-07-14 03:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 03:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2009-07-14 03:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009-07-14 03:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009-07-14 03:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2009-07-14 03:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009-07-14 03:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009-07-14 03:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009-07-14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009-07-14 03:15:13 | 001,069,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2009-07-14 03:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 03:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2009-07-14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009-07-14 03:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 03:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 03:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 03:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2009-07-14 03:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2009-07-14 03:15:08 | 001,826,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2009-07-14 03:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009-07-14 03:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2009-07-14 03:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009-07-14 03:15:07 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2009-07-14 03:15:07 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:15:07 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2009-07-14 03:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009-07-14 03:15:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2009-07-14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009-07-14 03:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 03:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009-07-14 03:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 03:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 03:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 03:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 03:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 03:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009-07-14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-06-10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll MOD - [2009-06-10 23:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-07-13 12:11:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-06-15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-12-31 00:36:04 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2011-10-26 00:00:04 | 003,272,016 | ---- | M] (O&O Software GmbH) [Auto | Running] -- E:\Programy\O&O\oodag.exe -- (OODefragAgent) SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-09-22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- E:\Programy\ESET SS\x86\ekrn.exe -- (ekrn) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2011-12-30 23:11:21 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-08-09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2011-08-04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2011-08-04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2011-08-04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2011-08-04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:[b]64bit:[/b] - [2011-04-27 11:08:12 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:[b]64bit:[/b] - [2011-04-27 11:08:10 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:[b]64bit:[/b] - [2011-04-27 11:08:10 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:[b]64bit:[/b] - [2010-12-23 17:35:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem) DRV:[b]64bit:[/b] - [2010-12-23 17:35:02 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps) DRV:[b]64bit:[/b] - [2010-12-23 17:35:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag) DRV:[b]64bit:[/b] - [2010-12-23 17:35:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus) DRV:[b]64bit:[/b] - [2009-09-29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:[b]64bit:[/b] - [2009-09-29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:[b]64bit:[/b] - [2009-09-29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=346c4386000000000000001fd00d2e1b IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\..\SearchScopes\{D86EC9B9-6843-4E7C-AADD-B28EB9E65661}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms} IE - HKU\S-1-5-21-786986412-1690990626-2942290277-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=346c4386000000000000001fd00d2e1b&q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programy\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programy\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\PROGRAMY\ESET SS\MOZILLA THUNDERBIRD [2012-01-23 14:24:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: E:\Programy\Firefox\components [2012-07-03 23:50:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: E:\Programy\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Programy\ESET SS\Mozilla Thunderbird [2012-01-23 14:24:39 | 000,000,000 | ---D | M] [2011-12-30 21:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Extensions [2012-05-03 18:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\077cfzeq.default\extensions [2012-01-28 15:25:36 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\077cfzeq.default\extensions\netvideohunter@netvideohunter.com O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - E:\Programy\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programy\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] E:\Programy\ESET SS\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [OODefragTray] E:\Programy\O&O\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-786986412-1690990626-2942290277-1001..\Run: [DAEMON Tools Lite] E:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-786986412-1690990626-2942290277-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-786986412-1690990626-2942290277-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57281A59-3AF5-479A-A5E2-D089048E465C}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57281A59-3AF5-479A-A5E2-D089048E465C}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{28bb6fb8-466f-11e1-8788-001fd00d2e1b}\Shell - "" = AutoRun O33 - MountPoints2\{28bb6fb8-466f-11e1-8788-001fd00d2e1b}\Shell\AutoRun\command - "" = H:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-07-04 18:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012-07-03 23:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012-07-03 23:03:27 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Roaming\Malwarebytes [2012-07-03 23:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-07-03 23:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-07-03 23:03:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-07-02 01:02:25 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Local\Chromium [2012-07-02 01:02:21 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\Documents\Rockstar Games [2012-07-02 00:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012-07-02 00:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2012-07-01 23:35:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012-07-01 23:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012-06-30 17:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2012-06-10 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Local\Macromedia [2012-06-01 18:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV [2012-06-01 18:15:02 | 000,000,000 | ---D | C] -- C:\LGP970 [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-07-13 13:40:55 | 001,835,008 | -HS- | M] () -- C:\Users\Krzysiek\ntuser.dat [2012-07-13 13:21:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-13 13:21:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-13 13:11:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-07-13 11:36:58 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-13 11:36:58 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-13 11:35:03 | 001,669,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-07-13 11:35:03 | 000,740,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-07-13 11:35:03 | 000,654,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-07-13 11:35:03 | 000,155,186 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-07-13 11:35:03 | 000,121,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-07-13 11:29:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-07-13 11:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-07-13 11:29:39 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012-07-13 11:29:38 | 000,729,300 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012-07-13 00:01:55 | 005,151,113 | -H-- | M] () -- C:\Users\Krzysiek\AppData\Local\IconCache.db [2012-07-08 14:14:22 | 000,151,314 | ---- | M] () -- C:\Windows\Minidump.rar [2012-07-03 23:50:34 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-07-03 12:05:46 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012-06-13 10:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TMContainer00000000000000000002.regtrans-ms [2012-06-13 10:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TMContainer00000000000000000001.regtrans-ms [2012-06-13 10:00:09 | 000,065,536 | -HS- | M] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TM.blf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-08 14:14:22 | 000,151,314 | ---- | C] () -- C:\Windows\Minidump.rar [2012-07-03 23:50:34 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012-07-03 23:50:34 | 000,000,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012-06-13 07:45:27 | 000,524,288 | -HS- | C] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TMContainer00000000000000000002.regtrans-ms [2012-06-13 07:45:27 | 000,524,288 | -HS- | C] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TMContainer00000000000000000001.regtrans-ms [2012-06-13 07:45:27 | 000,065,536 | -HS- | C] () -- C:\Users\Krzysiek\ntuser.dat{f40e9919-b51a-11e1-b9ba-001fd00d2e1b}.TM.blf [2012-04-15 14:43:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012-04-15 14:43:36 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012-02-28 19:53:37 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll [2012-02-28 19:53:37 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2012-02-01 12:41:19 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2012-02-01 12:41:19 | 000,017,664 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2012-01-29 16:13:41 | 005,151,113 | -H-- | C] () -- C:\Users\Krzysiek\AppData\Local\IconCache.db [2012-01-08 15:18:03 | 001,636,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-12-31 00:36:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011-12-30 23:09:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011-12-30 23:09:16 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011-12-30 23:09:16 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011-12-30 23:09:16 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011-12-30 22:32:42 | 000,109,592 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\GDIPFONTCACHEV1.DAT [2011-12-30 21:26:13 | 001,835,008 | -HS- | C] () -- C:\Users\Krzysiek\ntuser.dat [2011-12-30 21:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Krzysiek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011-12-30 21:26:13 | 000,524,288 | -HS- | C] () -- C:\Users\Krzysiek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011-12-30 21:26:13 | 000,065,536 | -HS- | C] () -- C:\Users\Krzysiek\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011-12-30 21:26:13 | 000,000,020 | -HS- | C] () -- C:\Users\Krzysiek\ntuser.ini [2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2010-10-05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys [color=#E56717]========== LOP Check ==========[/color] [2012-07-05 13:12:49 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\AIMP3 [2011-12-31 00:21:56 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Ashampoo [2012-02-02 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Babylon [2012-07-03 12:10:29 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\DAEMON Tools Lite [2011-12-30 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\ESET [2012-01-25 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Gadu-Gadu 10 [2012-02-17 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\OpenFM [2012-02-25 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Ubisoft [2011-12-30 22:28:38 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\URSoft [2012-05-20 15:27:04 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\uTorrent [2012-07-02 10:39:04 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2012-07-13 11:29:39 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012-07-13 11:29:39 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys [2012-02-02 15:45:45 | 000,000,237 | ---- | M] () -- C:\user.js [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:1CE11B51 < End of report > [/log] [log]OTL Extras logfile created on: 2012-07-13 13:38:52 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Krzysiek\Desktop\Programy 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,62% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 50,00 Gb Total Space | 22,48 Gb Free Space | 44,96% Space Free | Partition Type: NTFS Drive D: | 100,04 Gb Total Space | 64,85 Gb Free Space | 64,83% Space Free | Partition Type: NTFS Drive E: | 315,62 Gb Total Space | 92,10 Gb Free Space | 29,18% Space Free | Partition Type: NTFS Computer Name: BOX | User Name: Krzysiek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-786986412-1690990626-2942290277-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programy\Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07527947-C374-429F-8649-39451B6A2648}" = rport=445 | protocol=6 | dir=out | app=system | "{24A6D0DE-C8BA-451C-939D-7BF6245D363E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{35AA050D-866B-42FE-B776-92C3B2880F48}" = lport=138 | protocol=17 | dir=in | app=system | "{58C1E240-CA16-4A89-8BAB-DE0BDA935ACC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5ACC85A7-5322-4196-9261-2A27707D013E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6509AE6F-58E6-4170-AB04-41611B342B00}" = lport=10243 | protocol=6 | dir=in | app=system | "{7229BB23-AFD8-4A42-BC08-02A2187AF50D}" = lport=137 | protocol=17 | dir=in | app=system | "{7E43CA4C-603B-4E27-A03C-C77E2C67A9F3}" = lport=445 | protocol=6 | dir=in | app=system | "{84117D00-0A8F-476E-B52B-623F299BEF33}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95D9A26B-58F1-4E71-9519-5EAF9458DACB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C679ABD-6578-4C0A-A73E-BD3893E133A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9E494A85-A423-4055-BEAD-E3DC93D9DC10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA5A4BCF-DC4E-41C6-8875-0916807CA5E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AED682D1-074F-4335-9607-BBC006F4CC00}" = lport=139 | protocol=6 | dir=in | app=system | "{B06CD273-A3DA-4592-BB2C-D3C36C233FB0}" = rport=139 | protocol=6 | dir=out | app=system | "{B7E1664C-A81A-456D-BF70-533E582BBC4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C0756EC1-1A66-4233-B4C2-AE72057E5682}" = rport=137 | protocol=17 | dir=out | app=system | "{C443A18B-5D43-417F-A91D-3D41EEE7BAE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D3E53606-1995-4A74-88E0-2159295401BD}" = rport=138 | protocol=17 | dir=out | app=system | "{DEAE0C86-C8AC-49AE-8323-A0C0FCFD6F02}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{F5393C88-7109-42F0-970B-4E9213414335}" = lport=2869 | protocol=6 | dir=in | app=system | "{FABE6081-8C4E-4018-90D1-EF25FEDAE61D}" = rport=10243 | protocol=6 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B9F6B7-428D-4202-83AB-170A6A0E4BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0561C7DD-A165-4B84-B465-1E4AF38017F4}" = protocol=17 | dir=in | app=e:\gry\pes 2012\pes2012.exe | "{165A1781-9FDC-40F3-A6CC-40B70347C85F}" = protocol=6 | dir=in | app=e:\gry\pes 2012\pes2012.exe | "{1904385E-F5B1-46F9-B3D2-C250630E4BD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{20DFB587-EF49-4167-B620-4A8ABC71064A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{277CD677-AE3F-489D-8264-233BDDB5571A}" = protocol=17 | dir=in | app=e:\gry\super street fighter iv\ssfiv.exe | "{34D1A971-FF18-49A4-99D9-9A1ABA64298B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{359B2ABA-8181-4809-914E-6711E94B6042}" = protocol=17 | dir=in | app=e:\gry\grid\grid.exe | "{405E590F-81C8-46A0-873C-BB99C1AB418F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{44038188-8C2C-49A1-946A-F6CA409114CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{49872AD4-85D4-4EF5-8DB6-D645CEF284B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51E0AC72-5BE2-4285-BF05-AAF7BAEF2CA0}" = protocol=6 | dir=in | app=e:\gry\pes 2012\pes2012.exe | "{5AEE6D65-5D81-4462-9366-18357D8DA867}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5B8FB475-B3A0-4E74-911A-C8C7B5F945B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{64790E37-12F7-46F6-B51E-4C302795AD3C}" = protocol=17 | dir=in | app=e:\programy\utorrent\utorrent.exe | "{75F83EC5-0D34-4120-B1A7-62CC7901FE93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8353E8BC-0AE3-4460-88B5-CFFBE3BDF91A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9436808B-8B51-44E3-8554-DB84F5285B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DBFA651-4240-4216-9C67-AD290582163F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A3D0DADA-4031-4FB1-BA7E-1BD47DE60CFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A9257349-AF19-4D95-B2EA-FDDA6B2B2482}" = protocol=6 | dir=out | app=system | "{ABEBBA8C-6317-4591-B6F7-D4F1DC5F3827}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFE3AE6E-656F-4420-BD15-D0AB5718D91A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C120E978-DE27-41B3-8A46-3389CDA6C8E4}" = protocol=6 | dir=in | app=e:\programy\utorrent\utorrent.exe | "{C20A8DFB-8DFA-456F-B289-BDD75DC7DCB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C36BC401-622C-4EF3-8255-97A84BE54ADD}" = protocol=6 | dir=in | app=e:\gry\max payne 3\playmaxpayne3.exe | "{D05B909D-6452-440D-BC01-BB500E38EF1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D230F765-979E-48B1-9663-85AE9E599341}" = protocol=17 | dir=in | app=e:\gry\max payne 3\playmaxpayne3.exe | "{D5E350BA-ECD9-429B-A50D-5D31DF47B1D8}" = protocol=17 | dir=in | app=e:\gry\pes 2012\pes2012.exe | "{D75F4C73-4DA4-4FBA-A76A-3FB2CB529E1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D8B4ADDE-8BA5-4CB0-AE1A-68943726071E}" = protocol=6 | dir=in | app=e:\gry\grid\grid.exe | "{D93CF7BF-9D76-4C9A-816C-90FD64F7F036}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{DC3A695C-27D4-40C0-9A77-66421A022DD5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{ECEDB9C0-61BB-49DF-B935-A6B02022C424}" = protocol=6 | dir=in | app=e:\gry\super street fighter iv\ssfiv.exe | "{EEE83817-C88F-48BE-9DE1-BCA11A0B1F5F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7ECE5B8-84BA-4153-8203-05960D9CA308}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA86B15A-A545-47DB-8501-4182C21A6B77}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{335293A2-7D30-4A84-81F8-98C7D027CBBE}E:\programy\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=e:\programy\gadu-gadu 10\gg.exe | "UDP Query User{2940AABC-EFA5-4D56-BF50-8076AA0A5236}E:\programy\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=e:\programy\gadu-gadu 10\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{22950922-8438-4c84-80d5-a17e6c2a5717}.sdb" = Adobe Audition 3 Vista Compatibility "{87F6F619-E6FB-47E6-B03A-0E5383C82F79}" = ESET Smart Security "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010 "{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Polish "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers "{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP3" = AIMP3 "Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.2 "DAEMON Tools Lite" = DAEMON Tools Lite "dBpoweramp Music Converter" = dBpoweramp Music Converter "Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 "Deus Ex Human Revolution_is1" = Deus Ex Human Revolution "FormatFactory" = FormatFactory 2.90 "Gadu-Gadu 10" = Gadu-Gadu 10 "GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "HD Tune_is1" = HD Tune 2.55 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full) "LG PC Suite IV" = LG PC Suite IV "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Rockstar Games Social Club" = Rockstar Games Social Club "Test Drive Unlimited 2_is1" = Test Drive Unlimited 2 "Ultra Video Converter_is1" = Ultra Video Converter 5.3.0206 "uTorrent" = µTorrent "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "YU2010_is1" = Your Uninstaller! 7 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-07-03 06:13:15 | Computer Name = BOX | Source = ESENT | ID = 454 Description = Windows (3004) Windows: Odzyskiwanie/przywracanie bazy danych nie powiodło się z powodu nieoczekiwanego błędu: -543. Error - 2012-07-03 06:13:16 | Computer Name = BOX | Source = Windows Search Service | ID = 9000 Description = Error - 2012-07-03 06:13:16 | Computer Name = BOX | Source = Windows Search Service | ID = 7040 Description = Error - 2012-07-03 06:13:16 | Computer Name = BOX | Source = Windows Search Service | ID = 7042 Description = Error - 2012-07-03 06:13:16 | Computer Name = BOX | Source = Windows Search Service | ID = 9002 Description = Error - 2012-07-03 06:13:16 | Computer Name = BOX | Source = Windows Search Service | ID = 3029 Description = Error - 2012-07-03 06:13:19 | Computer Name = BOX | Source = Windows Search Service | ID = 3029 Description = Error - 2012-07-03 06:13:20 | Computer Name = BOX | Source = Windows Search Service | ID = 3028 Description = Error - 2012-07-03 06:13:20 | Computer Name = BOX | Source = Windows Search Service | ID = 3058 Description = Error - 2012-07-03 06:13:20 | Computer Name = BOX | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 2012-04-27 13:00:30 | Computer Name = BOX | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2012-04-28 11:43:32 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-28 15:56:29 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-29 05:03:42 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-29 09:39:25 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-29 11:45:54 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-29 16:41:48 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-04-30 12:48:25 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-05-01 04:09:53 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 Error - 2012-05-01 11:33:41 | Computer Name = BOX | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147014847 < End of report > [/log] [size=5][b]RSIT:[/b][/size] [log]Logfile of random's system information tool 1.09 (written by random/random) Run by Krzysiek at 2012-07-13 13:51:58 Microsoft Windows 7 Ultimate System drive C: has 23 GB (45%) free of 51 GB Total RAM: 4094 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:52:02, on 2012-07-13 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe E:\Programy\Firefox\firefox.exe E:\Programy\Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Users\Krzysiek\Desktop\Programy\RSIT.exe C:\Program Files (x86)\trend micro\Krzysiek.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - E:\Programy\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programy\Java\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programy\Java\bin\jp2ssv.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-21-786986412-1690990626-2942290277-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-786986412-1690990626-2942290277-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{57281A59-3AF5-479A-A5E2-D089048E465C}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{57281A59-3AF5-479A-A5E2-D089048E465C}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{57281A59-3AF5-479A-A5E2-D089048E465C}: NameServer = 8.26.56.26,156.154.70.22 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - E:\Programy\ESET SS\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: MBAMService - Malwarebytes Corporation - E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - E:\Programy\O&O\oodag.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8852 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\077cfzeq.default prefs.js - "browser.startup.homepage" - "http://www.google.pl/" prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=346c4386000000000000001fd00d2e1b&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.265 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=E:\Programy\Java\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision] "Description"=NVIDIA stereo images plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming] "Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=E:\Programy\Adobe Reader\Reader\AIR\nppdf32.dll E:\Programy\Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} E:\Programy\Firefox\components\ binary.manifest browsercomps.dll E:\Programy\Firefox\searchplugins\ allegro-pl.xml babylon.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\077cfzeq.default\extensions\ netvideohunter@netvideohunter.com ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}] HistoryTriggerBHO Class - E:\Programy\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll [2011-11-17 36208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - E:\Programy\Java\bin\ssv.dll [2011-12-30 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - E:\Programy\Java\bin\jp2ssv.dll [2011-12-30 42272] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"=E:\Programy\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=E:\Programy\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "VIDC.XVID"=xvidvfw.dll "VIDC.YV12"=xvidvfw.dll "msacm.ac3acm"=ac3acm.acm "msacm.lameacm"=lameACM.acm "VIDC.FFDS"=ff_vfw.dll "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2012-07-13 13:51:58 ----D---- C:\rsit 2012-07-13 13:51:58 ----D---- C:\Program Files (x86)\trend micro 2012-07-03 23:50:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2012-07-03 23:03:27 ----D---- C:\Users\Krzysiek\AppData\Roaming\Malwarebytes 2012-07-03 23:03:25 ----D---- C:\ProgramData\Malwarebytes 2012-07-02 00:14:19 ----D---- C:\ProgramData\Rockstar Games 2012-07-01 23:35:15 ----D---- C:\Windows\Minidump 2012-07-01 23:15:33 ----D---- C:\Program Files (x86)\Rockstar Games ======List of files/folders modified in the last 1 month====== 2012-07-13 13:52:02 ----D---- C:\Windows\Prefetch 2012-07-13 13:51:59 ----D---- C:\Windows\Temp 2012-07-13 13:51:58 ----RD---- C:\Program Files (x86) 2012-07-13 12:11:32 ----D---- C:\Windows\SysWOW64 2012-07-13 12:11:29 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-13 11:35:03 ----D---- C:\Windows\System32 2012-07-13 11:35:02 ----D---- C:\Windows\inf 2012-07-13 11:29:41 ----D---- C:\ProgramData\NVIDIA 2012-07-12 23:03:01 ----D---- C:\Windows 2012-07-07 17:52:56 ----AD---- C:\ProgramData\TEMP 2012-07-07 11:57:01 ----SHD---- C:\System Volume Information 2012-07-07 11:20:15 ----D---- C:\Users\Krzysiek\AppData\Roaming\Media Player Classic 2012-07-05 13:12:49 ----D---- C:\Users\Krzysiek\AppData\Roaming\AIMP3 2012-07-03 23:03:25 ----HD---- C:\ProgramData 2012-07-03 12:20:52 ----SD---- C:\ProgramData\Microsoft 2012-07-03 12:10:29 ----D---- C:\Users\Krzysiek\AppData\Roaming\DAEMON Tools Lite 2012-07-03 12:10:26 ----D---- C:\Windows\Logs 2012-07-03 12:05:46 ----A---- C:\Windows\SysWOW64\lgAxconfig.ini 2012-07-02 00:40:33 ----SHD---- C:\Windows\Installer 2012-07-02 00:40:00 ----RSD---- C:\Windows\assembly 2012-07-02 00:14:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2012-06-22 17:37:45 ----D---- C:\Windows\rescache 2012-06-21 17:23:24 ----D---- C:\Windows\winsxs 2012-06-17 15:41:24 ----D---- C:\ProgramData\LGMOBILEAX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [] R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [] R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [] R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [] R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [] R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbs64.sys [] R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmdm64.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] S3 Andbus;LGE Android Platform Composite USB Device; C:\Windows\system32\DRIVERS\lgandbus64.sys [] S3 AndDiag;LGE Android Platform USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag64.sys [] S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps64.sys [] S3 ANDModem;LGE Android Platform USB Modem; C:\Windows\system32\DRIVERS\lgandmodem64.sys [] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [] S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [] S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 ekrn;ESET Service; E:\Programy\ESET SS\x86\ekrn.exe [2011-09-22 974944] R2 MBAMService;MBAMService; E:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R2 OODefragAgent;O&O Defrag; E:\Programy\O&O\oodag.exe [2011-10-26 3272016] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] S2 KMService;KMService; C:\Windows\system32\srvany.exe [2011-12-31 8192] S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-03-30 72704] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 aspnet_state;„Usługa stanu ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-15 113120] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- [/log] [log]info.txt logfile of random's system information tool 1.09 2012-07-13 13:52:03 ======Uninstall list====== -->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} µTorrent-->"E:\Programy\uTorrent\uTorrent.exe" /UNINSTALL Adobe Audition 3.0.1 Patch-->MsiExec.exe /X{CDEBE7FF-C832-4B91-9214-A4CA610D78C9} Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8} Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -maintain plugin Adobe Reader X (10.1.3) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AA1000000001} AIMP3-->E:\Programy\Aimp3\Uninstall.exe Ashampoo Burning Studio 11 v.11.0.2-->"E:\Programy\Ashampoo Burning Studio 11\unins000.exe" DAEMON Tools Lite-->E:\Programy\DAEMON Tools Lite\uninst.exe dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat Deluxe Ski Jump 4-->"E:\Gry\Deluxe Ski Jump 4\Uninstall\unins000.exe" Deus Ex Human Revolution-->"E:\Gry\Deus Ex Human Revolution\unins000.exe" FormatFactory 2.90-->E:\Programy\FormatFactory\uninst.exe Gadu-Gadu 10-->E:\Programy\Gadu-Gadu 10\Uninstall.exe Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GRID-->"C:\Program Files (x86)\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly HD Tune 2.55-->"E:\Programy\HD Tune\unins000.exe" Java(TM) 6 Update 30-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216030FF} K-Lite Codec Pack 7.9.0 (Full)-->"E:\Programy\K-Lite Codec Pack\unins000.exe" LG Bluetooth Drivers-->MsiExec.exe /X{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019} LG PC Suite IV-->E:\Programy\LG PC Suite IV\uninstall.exe LG United Mobile Drivers-->MsiExec.exe /X{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D} Malwarebytes Anti-Malware wersja 1.61.0.1400-->"E:\Programy\Malwarebytes' Anti-Malware\unins000.exe" Max Payne 3-->"C:\Program Files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\Setup.exe" -runfromtemp -l0x0415 -removeonly Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E} Mozilla Firefox 13.0.1 (x86 pl)-->E:\Programy\Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask OpenAL-->"C:\Program Files (x86)\OpenAL\OalinstGridRelease.exe" /U Pro Evolution Soccer 2012-->MsiExec.exe /X{E737A098-F161-4B6F-AF22-86AAE34F6FBD} Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Rockstar Games Social Club-->C:\Program Files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe Super Street Fighter IV: Arcade Edition-->MsiExec.exe /I{43430FA0-49F0-4B13-B4C5-611000008100} Super Street Fighter IV: Arcade Edition-->MsiExec.exe /X{43430FA0-49F0-4B13-B4C5-611000008100} Test Drive Unlimited 2-->"E:\Gry\TDU2\Uninstall\unins000.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Ultra Video Converter 5.3.0206-->"E:\Programy\Ultra Video Converter\unins000.exe" Virtual DJ - Atomix Productions-->E:\Programy\VIRTUA~1\UNWISE.EXE E:\Programy\VIRTUA~1\INSTALL.LOG Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} Your Uninstaller! 7-->"E:\Programy\Your Uninstaller! 7\unins000.exe" ======System event log====== Computer Name: BOX Event Code: 7036 Message: Usługa Instalator modułów systemu Windows weszła w stan uruchomienia. Record Number: 41552 Source Name: Service Control Manager Time Written: 20120325103019.872560-000 Event Type: Informacje User: Computer Name: BOX Event Code: 14206 Message: Serwer multimediów „BOX: Krzysiek:” został zainicjowany pomyślnie i udostępnia multimedia urządzeniom multimediów sieciowych. Record Number: 41551 Source Name: Microsoft-Windows-WMPNSS-Service Time Written: 20120325103016.000000-000 Event Type: Informacje User: Computer Name: BOX Event Code: 7036 Message: Usługa Ochrona oprogramowania weszła w stan uruchomienia. Record Number: 41550 Source Name: Service Control Manager Time Written: 20120325103014.053750-000 Event Type: Informacje User: Computer Name: BOX Event Code: 7036 Message: Usługa Windows Update weszła w stan uruchomienia. Record Number: 41549 Source Name: Service Control Manager Time Written: 20120325103004.709333-000 Event Type: Informacje User: Computer Name: BOX Event Code: 7036 Message: Usługa Host urządzenia UPnP weszła w stan uruchomienia. Record Number: 41548 Source Name: Service Control Manager Time Written: 20120325103002.135329-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 1001 Message: Pakiet błędów , typ 0 Nazwa zdarzenia: PnPDriverNotFound Odpowiedź: Niedostępny Identyfikator pliku Cab: 0 Sygnatura problemu: P1: x64 P2: USB\VID_0AC8&PID_0328&REV_0100&MI_00 P3: P4: P5: P6: P7: P8: P9: P10: Dołączone pliki: C:\Windows\Temp\DMI1B9A.tmp.log.xml Te pliki mogą być dostępne tutaj: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_364d2889372c6fd8e42beb7d15fb9540447b7b_cab_04821be8 Symbol analizy: Ponowne sprawdzanie rozwiązania: 0 Identyfikator raportu: 545b9c1e-3319-11e1-aa15-001fd00d2e1b Stan raportu: 4 Record Number: 5 Source Name: Windows Error Reporting Time Written: 20111230190609.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20111230190451.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20111230190448.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20111230190444.791291-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20111230190445.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: BOX Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: BOX$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1fc Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2052 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120116065212.512021-000 Event Type: Sukcesy inspekcji User: Computer Name: BOX Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Uprawnienia: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Record Number: 2051 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120116065212.480821-000 Event Type: Sukcesy inspekcji User: Computer Name: BOX Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: BOX$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-19 Nazwa konta: USŁUGA LOKALNA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e5 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1fc Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2050 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120116065212.480821-000 Event Type: Sukcesy inspekcji User: Computer Name: BOX Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-20 Nazwa konta: USŁUGA SIECIOWA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e4 Uprawnienia: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Record Number: 2049 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120116065212.449621-000 Event Type: Sukcesy inspekcji User: Computer Name: BOX Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: BOX$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-20 Nazwa konta: USŁUGA SIECIOWA Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e4 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1fc Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2048 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120116065212.449621-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b -----------------EOF----------------- [/log][b]GMER[/b], nie działa prawidłowo... W okienku [i]Rootkit/Malware[/i] (GMER) mogę zaznaczyć jedynie [i]Usługi, Rejestr, Pliki; Partycje; ADS[/i]. Reszta jest "szara". Gdy zaznaczę to co jest, to po skanowaniu otrzymuję komunikat, że program nie odnalazł żadnych modyfikacji systemu i to wszystko. [size=5][b]catchme:[/b][/size] [CODE] detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error [/CODE] Jak widać z [b]catchme[/b] też coś jest nie tak... po dwukliku na ikonkę programu mrugnie na ekranie czarne okienko i wyskakuje ten powyższy log.
Gość komentarz 12 lipca 2012 komentarz 12 lipca 2012 [quote]W okienku [i]Rootkit/Malware[/i] (GMER) mogę zaznaczyć jedynie [i]Usługi, Rejestr, Pliki; Partycje; ADS[/i]. Reszta jest "szara".[/quote] Gmer jest programem 32 bitowym i nie ma zastosowania na systemach 64bit. pozdro 1
Gość komentarz 13 lipca 2012 komentarz 13 lipca 2012 [quote name='nitro07' timestamp='1341477162' post='1532433'] Z dyskiem twardym jest wszystko w porządku. [/quote] Nie jest wszystko w porządku , z jednym sektorem coś się dzieje złego C5-Data . Wykonaj skanowanie dysku programem MHDD i podaj wyniki. 1
Chris Van Green komentarz 15 lipca 2012 Autor komentarz 15 lipca 2012 Jak odpalić te MHDD???I czy ten program jest w wersji x64?W trybie awaryjnym komputer pracuje normalnie.Ktoś mi pomoże, czy mam oddać kompa do serwisu? Bo nie wiem co robić... Może zainstalować od nowa wina?
kaczus komentarz 16 lipca 2012 komentarz 16 lipca 2012 (edytowane) Pierwszy post - witam serdecznie wszystkich użytkowników tutejszego forum dyskusyjnego. Sam mam identyczny problem, lecz pozwolę sobię utworzyć nowy wątek by koledze nie zasypać swojego. [url="http://hddguru.com/software/2005.10.02-MHDD/"]Pobierasz MHDD[/url] <link poniżej masz wybór pobrania ostatniego obrazu CD. Po ściągnięciu wypalasz obraz na płytkę, lub na pendraka i bootujesz identycznie jakbyś chciał rozpocząc instalacje systemu. W momencie kiedy załaduje się biblioteka MHDD będziesz musiał z listy wyboru dostępnych obecnie urządzeń wybrać swój dysk, najczęściej pozycja 8 (nie wybierz przypadkiem napędu ) Kiedy już wskażesz interesujący Cię dysk w wierszu znajdzie się wartość: MHDD> klikasz na klawiaturze F4 - zmieniasz wartość REMAP na ON (zaznaczasz i SPACJA. REMAP służy do naprawy dysku, najczęściej uszkodzonego sektora etc.) i ponownie klikasz F4 - w tym momencie rozpocznie się skanowanie dysku, gdy się skończy poinformuje się odpowiednim dźwiękiem, lub też komunikatem o skończonym teście i czasie jego trwania. 1
Chris Van Green komentarz 17 lipca 2012 Autor komentarz 17 lipca 2012 Sprawdziłem dysk MHDD i daję screena: SKAN DYSKU: [attachment=20564:IMG011.jpg]
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.