Viruses that shut down the computer.

usiowyus
created

Hello, I'm new here and I'm asking for help with a certain problem. I have a few viruses on my computer (Windows 7), and when I try to remove them with various scanners, an error pops up saying that the system has encountered a problem and will shut down in one minute, after which the computer restarts. The viruses are: trojan: Win32/Sirefef.AL; Sirefef.AQ; Sirefef.AH and Sirefef.R. As I wrote above, I can't remove them with any scanner. Please help me solve this problem. I'll paste the ComboFix log in a moment.

Guest
comment

There's no need for ComboFix; we'll clean these trojans manually.

usiowyus
comment

Can you tell me how?

Guest
comment

You'll see.
Just tell me which bit version of the system you have.
32-bit or 64-bit?

usiowyus
comment

32-bit

Guest
comment

Download SystemLook

http://jpshortstuff.247fixes.com/SystemLook.exe

Paste this into the box:
[code]
:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s

:filefind
services.exe
[/code]

Click Look and show the report.

usiowyus
comment

SystemLook 30.07.11 by jpshortstuff
Log created at 23:20 on 01/08/2012 by Mateusz
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"


========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [09:19 01/08/2012] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
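An added example (not part of the original thread and not SystemLook's own code): a small Python reader for a report in the layout posted above. It assumes the two `InprocServer32` values shown in this report are the clean baseline and uses the `winsxs` copy of `services.exe` as the reference; the function names are hypothetical and the timestamp comparison is a heuristic.

```python
import re

# The SystemLook report from the post above, abridged to the lines the checks use.
REPORT = r'''
========== reg ==========
[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

========== filefind ==========
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [09:19 01/08/2012] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
'''

HKLM = 'hkey_local_machine\\software\\classes\\clsid\\'
HKCU = 'hkey_current_user\\software\\classes\\clsid\\'
SHELL = '{42aedc87-2188-41fd-b9a3-0c966feabec1}'
WBEM = '{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}'
# Assumption of this example: the values in the report above are the clean baseline.
BASELINE = {
    HKLM + WBEM + '\\inprocserver32': r'%systemroot%\system32\wbem\wbemess.dll',
    HKLM + SHELL + '\\inprocserver32': r'%systemroot%\system32\shell32.dll',
}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} (?P<size>\d+) bytes '
                     r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>.+)$')
MD5_RE = re.compile(r'^[0-9A-Fa-f]{32}$')


def parse_report(text):
    """Return ({key: {value name: data}, or None when the key is absent}, [file rows])."""
    keys, files, section, current = {}, [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('=========='):
            section, current = line.strip('= ').lower(), None
        elif section == 'reg':
            if m := KEY_RE.match(line):
                current = m.group(1).lower()
                keys[current] = {}
            elif current and 'key not found' in line:
                keys[current] = None
            elif current and keys[current] is not None and (m := VAL_RE.match(line)):
                keys[current][m.group(1).strip('"').lower()] = m.group(2)
        elif section == 'filefind' and (m := FILE_RE.match(line)):
            files.append(m.groupdict())
    return keys, files


def review(text):
    """List the points in a report that differ from the baseline or the store copy."""
    keys, files = parse_report(text)
    findings = []
    for key, expected in BASELINE.items():
        actual = (keys.get(key) or {}).get('@')
        if actual is None:
            findings.append(f'{key}: default value not in report')
        elif actual.lower() != expected:
            findings.append(f'{key}: InprocServer32 is {actual}, expected {expected}')
    # HKCU\Software\Classes is merged over HKLM, so a per-user copy shadows the class.
    if any(k.startswith(HKCU + SHELL) and v is not None for k, v in keys.items()):
        findings.append(f'per-user registration of {SHELL} exists under HKCU')
    store = [f for f in files if '\\winsxs\\' in f['path'].lower()]
    for live in (f for f in files if f not in store):
        name = live['path'].rsplit('\\', 1)[-1].lower()
        refs = [s for s in store if s['path'].lower().endswith('\\' + name)]
        if not refs:
            continue
        if not MD5_RE.match(live['md5']):
            findings.append(f"{live['path']}: no MD5 to compare {live['md5']}")
        elif live['md5'].upper() not in {r['md5'].upper() for r in refs}:
            findings.append(f"{live['path']}: MD5 differs from the component-store copy")
        if live['modified'] not in {r['modified'] for r in refs}:
            findings.append(f"{live['path']}: modified {live['modified']}, "
                            f"store copy {refs[0]['modified']}")
    return findings


if __name__ == '__main__':
    for finding in review(REPORT):
        print(finding)
```

For this report the registry values match the baseline, and both findings concern the live `services.exe`: its MD5 could not be calculated and its modification time differs from the component-store copy.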

Guest
comment

Give me the OTL logs, because I don't see an infection in these.

1. Start > type cmd in the search box > right-click it and choose Run as administrator. Paste the command:

sfc /scanfile=C:\Windows\system32\services.exe

Press Enter.

Restart the system.

2. Start > type cmd in the search box > right-click it and choose Run as administrator. Paste the command:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfc.txt & start notepad sfc.txt

A log will open; attach it. (Save it on the desktop so you don't lose it during the remaining steps.)


3. Download Farbar Service Scanner

http://download.bleepingcomputer.com/farbar/FSS.exe

Check all the boxes and click Scan.
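An added example (not from the thread and not from either tool's authors): one way to triage the two logs this procedure produces, `sfc.txt` and the Farbar Service Scanner log. The sample text is constructed in the layout those tools write, and the function names are hypothetical.

```python
import re

# Constructed sample of sfc.txt: the [SR] lines findstr extracts from cbs.log.
SFC_TXT = r'''
2012-08-02 10:05:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:15, Info CSI 0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:16, Info CSI 00000014 [SR] Repair complete
2012-08-02 10:05:16, Info CSI 00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-08-02 10:05:16, Info CSI 0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
'''

# Constructed sample of a Farbar Service Scanner log (three sections only).
FSS_LOG = r'''
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
'''

SR_RE = re.compile(r'^(\S+ \S+),\s+\w+\s+CSI\s+([0-9A-Fa-f]{8})\s+\[SR\]\s+(.*)$')
# CSI writes paths as [lengths]"\??\<directory>"\[lengths]"<file name>".
CSI_PATH_RE = re.compile(r'\[[^\]]*\]"\\\?\?\\([^"]+)"\\\[[^\]]*\]"([^"]+)"')
SERVICE_RE = re.compile(r'^(\S+) Service is not running\.')
ATTN_RE = re.compile(r'^Checking ([^:]+): ATTENTION!=====> (.*)$')
FILE_RE = re.compile(r'^(.+?) => (.*)$')


def triage_sfc(text):
    """Which files did sfc repair, when, and is a reboot still needed to finish?"""
    repaired, reboot = {}, False
    for line in text.splitlines():
        m = SR_RE.match(line.strip())
        if not m:
            continue
        when, _seq, msg = m.groups()
        if msg.startswith('Repairing corrupted file'):
            p = CSI_PATH_RE.search(msg)
            if p:
                repaired.setdefault(p.group(1) + '\\' + p.group(2), []).append(when)
        elif 'A reboot is required' in msg:
            reboot = True
    return {'repaired': repaired, 'reboot_required': reboot}


def triage_fss(text):
    """Return ({service: [failed checks]}, [files whose check is not 'MD5 is legit'])."""
    services, files, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SERVICE_RE.match(line):
            current = m.group(1)
            services.setdefault(current, [])
        elif not line:
            current = None  # a blank line ends the block for one service
        elif current and (m := ATTN_RE.match(line)):
            # A failed check means part of the service's registration is missing.
            services[current].append(m.group(1))
        elif (m := FILE_RE.match(line)) and m.group(2) != 'MD5 is legit':
            files.append(m.group(1))
    return {name: checks for name, checks in services.items() if checks}, files


if __name__ == '__main__':
    print(triage_sfc(SFC_TXT))
    print(triage_fss(FSS_LOG))
```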

usiowyus
comment (edited)

FSS log:
[log]
Farbar Service Scanner Version: 26-07-2012
Ran by Mateusz (administrator) on 02-08-2012 at 10:13:06
Running from "C:\Users\Mateusz\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
[/log]
File generated by CMD:
[log]
2012-08-02 10:05:12, Info CSI 00000009 [SR] Verifying 1 components
2012-08-02 10:05:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:15, Info CSI 0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:15, Info CSI 0000000e [SR] Verify complete
2012-08-02 10:05:15, Info CSI 0000000f [SR] Repairing 1 components
2012-08-02 10:05:15, Info CSI 00000010 [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:15, Info CSI 00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:16, Info CSI 00000014 [SR] Repair complete
2012-08-02 10:05:16, Info CSI 00000015 [SR] Committing transaction
2012-08-02 10:05:16, Info CSI 00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-08-02 10:05:16, Info CSI 0000001a [SR] Repairing 1 components
2012-08-02 10:05:16, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:16, Info CSI 0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:16, Info CSI 0000001f [SR] Repair complete
[/log]
I can't open OTL because an error pops up; as soon as I sort that out I'll paste the log.

I don't know if it's a coincidence, but I think the viruses have been removed, because my antivirus no longer shows them. To be sure, I'm pasting the OTL log.

[log] OTL logfile created on: 2012-08-02 10:27:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mateusz\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 58,08% Memory free
3,86 Gb Paging File | 2,70 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,08 Gb Total Space | 26,53 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 175,92 Gb Total Space | 81,95 Gb Free Space | 46,58% Space Free | Partition Type: NTFS
Drive F: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive G: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
Drive H: | 624,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATEUSZ-NB | User Name: Mateusz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2012-08-02 10:24:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Downloads\OTL(1).exe
PRC - [2012-07-27 00:10:37 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012-07-19 18:25:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-07-19 18:24:58 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2012-03-11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012-03-11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011-11-17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2011-06-24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011-05-04 06:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011-03-28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011-03-28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2010-11-20 14:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2010-11-20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010-07-06 18:30:12 | 009,394,792 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-06-15 12:14:56 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-06-15 12:14:52 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-06-15 12:14:50 | 000,151,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-06-15 12:14:38 | 000,174,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-04-13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2009-07-14 03:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-07-03 11:56:54 | 001,527,893 | ---- | M] (The Firebird Project) -- C:\AWRoot\bin\lib\firebird\bin\fbserver.exe
PRC - [2008-07-03 11:56:54 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\AWRoot\bin\lib\firebird\bin\fbguard.exe
PRC - [2006-01-20 13:21:03 | 002,408,448 | ---- | M] (Gadu-Gadu Sp. z oo) -- C:\Program Files\Gadu-Gadu\gg.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-07-27 00:10:36 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012-07-19 18:24:59 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-05-22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2006-09-14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005-05-24 17:46:33 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2005-05-24 17:45:44 | 000,405,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll
MOD - [2005-05-24 17:45:43 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll
MOD - [2005-05-24 17:45:43 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll
MOD - [2005-05-24 17:45:42 | 000,036,864 | ---- | M] () -- C:\Program Files\Gadu-Gadu\Crypto.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-27 00:10:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-19 18:25:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011-04-12 19:06:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-05-25 17:45:34 | 000,038,560 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-04-13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-07-03 11:56:54 | 001,527,893 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\AWRoot\bin\lib\firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2008-07-03 11:56:54 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\AWRoot\bin\lib\firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012-03-11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012-03-11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012-03-02 19:20:36 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012-02-03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011-07-29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011-07-29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011-04-27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-04-18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010-12-01 13:44:16 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010-12-01 13:44:12 | 000,143,248 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010-12-01 13:44:12 | 000,111,504 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010-12-01 13:44:12 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010-12-01 13:44:12 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-05-6 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008-03-13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007-01-29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]
IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url]
IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110819&tt=010712_5&babsrc=SP_ss&mntrId=58589e4c00000000000088ae1d7d00da"]http://search.babylo...00088ae1d7d00da[/url]
IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-12 16:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-19 18:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-10-08 11:50:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-12 16:54:33 | 000,000,000 | ---D | M]

[2012-02-29 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions
[2012-02-29 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa78}
[2012-08-01 22:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions
[2012-08-01 22:38:24 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions\crossriderapp4479@crossrider.com
[2011-05-11 16:09:03 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions\DefaultManager@Microsoft
[2012-05-06 20:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-05 10:36:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-07-19 18:25:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-27 21:06:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-09-14 14:28:19 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-05 12:49:35 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-09-14 14:28:19 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-09-14 14:28:19 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-09-14 14:28:19 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-09-14 14:28:19 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-09-14 14:28:19 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=110819&tt=010712_5&babsrc=HP_ss&mntrId=58589e4c00000000000088ae1d7d00da
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Szukaj w Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Psa DDC SingleSignOn BHO) - {CFCCB454-80CF-481f-B50A-29112EBB0F85} - C:\APP\ddc\bin\DdcSingleSignOnBHOu.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo)
O4 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E03657D-DD30-443F-A942-F68F54B6DEE7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC838DB3-EC48-429F-98AD-5715FFACB3D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC838DB3-EC48-429F-98AD-5715FFACB3D2}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFEF7C54-9281-4263-BA01-E745A0A66BCB}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-08-22 17:29:11 | 000,016,730 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2001-10-26 18:12:38 | 000,000,112 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AthBtTray[/b] - hkey= - key= - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig - StartUpReg: [b]AtherosBtStack[/b] - hkey= - key= - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}[/b] - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: [b]ChomikBox[/b] - hkey= - key= - C:\Program Files\ChomikBox\chomikbox.exe ( )
MsConfig - StartUpReg: [b]ediagStart[/b] - hkey= - key= - C:\APP\ediag\eDiagStart.lnk ()
MsConfig - StartUpReg: [b]ETDWare[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Facebook Update[/b] - hkey= - key= - C:\Users\Pozostali\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo)
MsConfig - StartUpReg: [b]Gadwin PrintScreen[/b] - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: [b]IAStorIcon[/b] - hkey= - key= - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: [b]Nowe Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Nowe Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
MsConfig - StartUpReg: [b]PPDiag Client Service[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]psastart[/b] - hkey= - key= - C:\APP\ddc\bin\psastart.exe ()
MsConfig - StartUpReg: [b]SIM[/b] - hkey= - key= - C:\APP\SIM\SIMBat.lnk ()
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]uTorrent[/b] - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2012-08-01 23:10:22 | 000,000,000 | ---D | C] -- C:\ComboFix_www.INSTALKI.pl
[2012-08-01 23:08:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-01 23:05:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-08-01 23:05:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-08-01 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\HPAppData
[2012-08-01 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-08-01 10:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012-08-01 10:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF857AEB261DB3555CF6E56C3443
[2012-07-31 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF857AEB261DB3555CF6F875EF7E
[2012-07-30 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{C2B7C2E7-3697-4B14-B985-9208000C0E2F}
[2012-07-30 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{018F3C81-D8B6-4031-8F77-81FF8707BB53}
[2012-07-27 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{33CE264E-315A-43F3-BCA6-FCE9AA9730F4}
[2012-07-27 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{984F3EBE-4E96-42D4-86EC-B913F7E70409}
[2012-07-26 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\aktualne zdjęcia na stronę
[2012-07-26 13:54:39 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\Nowy folder
[2012-07-26 12:44:44 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini
[2012-07-26 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{69D29DEA-1C7F-49BF-92B7-AE9524F2ADD9}
[2012-07-26 12:44:30 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{DDF4BE79-1277-4371-A1CC-26B4678759E6}
[2012-07-26 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\posortowane
[2012-07-25 16:38:57 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{9292D1CC-81FF-448A-9F7F-0C338000635F}
[2012-07-25 16:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012-07-25 16:20:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012-07-25 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-07-25 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012-07-25 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012-07-24 17:21:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{D5A917EC-F89C-412E-A268-5BC497B0CB35}
[2012-07-24 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1ABE458D-77C2-44DF-85E4-942870D84C4E}
[2012-07-23 16:58:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F45E00AF-E622-4096-97F8-759F54F78EA2}
[2012-07-21 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F5D0B233-38F4-47C0-9BA3-7F699C051738}
[2012-07-17 16:18:48 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{46971AA4-B732-4882-9FF5-0D65D39605B3}
[2012-07-17 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{91A9C260-84FD-44DE-847C-FB0AA2BAC60A}
[2012-07-10 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{077C8DDD-BB91-4C62-B28D-31E5A8312EE1}
[2012-07-10 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{4D6FE1AE-B495-4D42-98D1-0514A28FD1D5}
[2012-07-08 11:05:04 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2012-07-08 11:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2012-07-06 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A216628A-555A-4ADB-BFB9-7DE1BC5AA398}
[2012-07-05 14:12:20 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Ahead
[2012-07-05 14:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
[2012-07-05 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Ahead
[2012-07-05 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012-07-05 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\.gstreamer-0.10
[2012-07-05 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\ChomikBox
[2012-07-05 12:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl
[2012-07-05 12:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox
[2012-07-05 12:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012-07-05 12:49:34 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Giant Savings
[2012-07-05 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Babylon
[2012-07-05 12:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012-07-05 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{5ABC51B6-1A54-4D8D-B118-A479EF1AD822}
[2012-07-05 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{52B78271-69C4-4709-B89E-FE9FCE8FD257}
[2012-07-04 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{89C099DC-9303-4923-9680-24262E9BE538}
[2012-07-04 11:40:04 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0B927405-0BA0-4599-924D-193181818CD7}
[2012-07-04 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{665C816A-D398-4096-88C3-6AD67EE19273}
[2012-07-03 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{33AFDBDE-E7A0-4A98-B867-7283464980C9}
[2012-07-03 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{8EFE08AC-3AF3-479A-99B9-EB8C28969C1B}
[2012-07-01 23:05:00 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{7D170B7C-2BB1-4011-84F6-49BC3184D30A}
[2012-07-01 23:04:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{28432597-DA53-4135-AE06-7F759C4CD738}
[2012-06-29 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{60E9BA7F-7A9C-4C4B-B756-EE962DD9381C}
[2012-06-29 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{54DF7837-32BC-439C-A40D-90E2C90E3D5A}
[2012-06-28 20:56:25 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{2E3D969C-7874-4D95-A6CF-FEA1DC329B17}
[2012-06-28 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{231CBFC8-FAB0-4133-81C4-29F7BEE6430B}
[2012-06-26 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{44AA649E-83C0-48A0-B380-6454121E69FE}
[2012-06-25 14:22:48 | 000,000,000 | ---D | C] -- C:\oud
[2012-06-25 14:13:53 | 000,000,000 | ---D | C] -- C:\CDTELE
[2012-06-25 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiagBox
[2012-06-25 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\DiagBox
[2012-06-25 14:00:10 | 000,000,000 | ---D | C] -- C:\TMP
[2012-06-25 14:00:07 | 000,000,000 | ---D | C] -- C:\dual
[2012-06-25 13:54:57 | 000,000,000 | ---D | C] -- C:\AWRoot
[2012-06-25 13:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wifi
[2012-06-25 13:53:36 | 000,000,000 | ---D | C] -- C:\APP
[2012-06-25 13:53:34 | 000,000,000 | ---D | C] -- C:\Backup_DB
[2012-06-25 13:50:13 | 000,000,000 | ---D | C] -- C:\TEMP
[2012-06-25 09:42:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{8D4BBD55-5054-4105-929D-221D75A0DF70}
[2012-06-25 09:42:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A276CE86-BFD9-4AE6-8A6F-0EBA19EF8E98}
[2012-06-22 23:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.1 Home Edition
[2012-06-22 23:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2012-06-22 12:07:11 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{569608A0-0948-44A6-B61B-6EDCE67E7914}
[2012-06-22 12:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{EADB8842-2BE2-49EE-8BA7-604E9412C3E5}
[2012-06-22 11:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B000CD1BB00650256B4EB238B
[2012-06-21 09:46:58 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{67D85563-86EB-429E-80B8-C111AAA498ED}
[2012-06-21 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{104E9360-2803-432A-A003-41AE47312463}
[2012-06-21 09:45:55 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012-06-20 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1966F075-0A34-4CD0-974E-CA9CFF7962A8}
[2012-06-20 18:59:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{89B03D46-7D7E-4701-B511-0ED70F87A36B}
[2012-06-19 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0EE4730F-C5AE-4493-BFD4-338BE9BD9237}
[2012-06-19 14:30:28 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{96BD2922-8AE3-48D9-BC71-C31A36381082}
[2012-06-18 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1C64AD44-79A8-4CEE-876F-D865F42EB02C}
[2012-06-17 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F0FB06BB-8C95-4A46-BDB9-6FCE58CA05CB}
[2012-06-15 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{AD160075-986B-4441-893F-91ACD0C6C860}
[2012-06-13 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{D47CED42-1735-4DC3-96B1-29530D503664}
[2012-06-12 17:45:10 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A75F074F-9D12-48D8-BDDA-9A7AC66599B4}
[2012-06-12 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F3B8AE4F-8058-4818-B0DE-632AAC291392}
[2012-06-12 13:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{64B14A30-6C34-4BDD-910B-C57834A345A1}
[2012-06-12 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A740D7E5-2520-4323-98A2-8B0453A45E9E}
[2012-06-11 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{505683AD-9B1E-407D-91F7-3F82740DC180}
[2012-06-11 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{B5F5ACDC-3B01-4B60-A734-79309C99C87E}
[2012-06-11 07:12:38 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Macromedia
[2012-06-09 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{DC845453-9DC9-4557-9286-D9FA4226DFBD}
[2012-06-09 21:40:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{3AEC604A-67ED-4716-B50D-87A9B61D56B6}
[2012-06-05 22:53:02 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0F8CB800-71C0-4F16-834E-10CB9559C5C6}
[2012-06-05 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{CACEE97A-17F5-49D0-9BE7-E592EABB2530}
[2012-06-04 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{85EB7DB0-2B6E-41FB-B964-DA061E8533FB}
[2012-06-04 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{B1526651-676D-472C-AADF-D1A870DF76E2}

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2012-08-02 10:13:38 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 10:13:38 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-02 10:10:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-02 10:07:53 | 000,000,000 | ---- | M] () -- C:\Users\Mateusz\sfc.tx
[2012-08-02 10:06:36 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-02 10:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-02 10:06:17 | 1555,537,920 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-01 23:10:23 | 000,000,380 | ---- | M] () -- C:\Start_.cmd
[2012-08-01 22:55:28 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-01 22:55:27 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-01 13:48:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003UA.job
[2012-08-01 10:49:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-08-01 10:49:41 | 000,705,036 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-08-01 10:49:41 | 000,621,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-01 10:49:41 | 000,137,962 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-08-01 10:49:41 | 000,108,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-01 10:46:58 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012-08-01 00:12:40 | 000,000,600 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\winscp.rnd
[2012-07-31 17:14:57 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003Core.job
[2012-07-26 12:44:33 | 008,680,717 | ---- | M] () -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini.rar
[2012-07-25 16:19:47 | 329,207,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-07-08 11:06:39 | 046,534,438 | ---- | M] () -- C:\Users\Mateusz\Documents\clip0002.avi
[2012-07-08 11:05:50 | 002,039,436 | ---- | M] () -- C:\Users\Mateusz\Documents\clip0001.avi
[2012-07-05 14:10:13 | 000,002,754 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-07-05 12:59:07 | 000,000,632 | ---- | M] () -- C:\Users\Public\Desktop\ChomikBox.lnk
[2012-07-05 12:51:40 | 000,002,061 | ---- | M] () -- C:\Users\Mateusz\Desktop\JDownloader.lnk
[2012-07-05 12:49:48 | 000,000,249 | ---- | M] () -- C:\user.js
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-06-25 14:00:22 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\DiagBox.lnk
[2012-06-23 14:33:10 | 000,001,414 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012-06-22 23:18:14 | 000,001,430 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-02 10:07:53 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\sfc.tx
[2012-08-01 23:12:11 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{277a136f-0211-5ec0-e545-df8d5184cc37}\U\00000001.@
[2012-08-01 23:10:23 | 000,000,380 | ---- | C] () -- C:\Start_.cmd
[2012-08-01 10:49:37 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-08-01 10:46:58 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012-07-26 22:44:54 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012-07-26 12:44:35 | 008,680,717 | ---- | C] () -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini.rar
[2012-07-25 16:19:47 | 329,207,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-07-08 11:06:18 | 046,534,438 | ---- | C] () -- C:\Users\Mateusz\Documents\clip0002.avi
[2012-07-08 11:05:42 | 002,039,436 | ---- | C] () -- C:\Users\Mateusz\Documents\clip0001.avi
[2012-07-05 14:10:13 | 000,002,754 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-07-05 12:59:07 | 000,000,632 | ---- | C] () -- C:\Users\Public\Desktop\ChomikBox.lnk
[2012-07-05 12:51:40 | 000,002,061 | ---- | C] () -- C:\Users\Mateusz\Desktop\JDownloader.lnk
[2012-07-05 12:51:38 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012-07-05 12:51:38 | 000,001,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012-07-05 12:51:37 | 000,001,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012-07-05 12:49:47 | 000,000,249 | ---- | C] () -- C:\user.js
[2012-06-25 14:27:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012-06-25 14:00:22 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\DiagBox.lnk
[2012-06-23 14:32:30 | 000,001,414 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012-06-22 23:18:14 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012-06-22 23:18:14 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012-06-22 23:18:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012-06-22 23:18:14 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012-06-22 23:18:14 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012-06-22 23:18:14 | 000,001,430 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk
[2012-05-17 18:02:36 | 000,000,132 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2012-05-16 18:51:11 | 000,000,600 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\winscp.rnd
[2012-01-11 16:49:55 | 000,002,048 | -HS- | C] () -- C:\Users\Pozostali\AppData\Local\{277a136f-0211-5ec0-e545-df8d5184cc37}\@
[2011-10-08 11:50:09 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-04-18 09:55:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-16 22:28:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-04-14 11:56:19 | 000,000,180 | ---- | C] () -- C:\Users\Mateusz\.packettracer
[2011-04-13 21:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-04-12 16:43:45 | 000,211,151 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011-04-12 16:43:45 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011-04-11 21:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011-04-11 21:43:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011-04-11 21:42:37 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011-04-11 21:42:37 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011-04-11 21:42:36 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011-04-11 21:42:36 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011-04-11 21:42:36 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011-04-11 20:55:17 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011-04-11 20:55:17 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011-04-11 20:55:17 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011-04-11 20:55:17 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011-04-11 20:55:17 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011-04-11 20:37:43 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-04-11 20:37:35 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011-04-11 20:37:35 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-04-11 20:37:35 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-04-11 20:37:31 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-02-29 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Actia
[2012-07-05 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Babylon
[2011-04-12 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Dev-Cpp
[2011-09-25 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\FileZilla
[2011-04-15 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Free Monitor for Google
[2011-09-25 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\GHISLER
[2012-05-16 20:38:55 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\IrfanView
[2012-06-01 22:29:57 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Mikrotik
[2011-09-21 19:15:33 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Nowe Gadu-Gadu
[2011-04-12 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Softland
[2012-05-17 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-05-16 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\svBuilder
[2012-05-07 09:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\SWiSH Max4
[2011-04-11 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\TeamViewer
[2012-01-15 22:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\uTorrent
[2011-05-05 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Windows Live Writer
[2011-10-07 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Pozostali\AppData\Roaming\Nowe Gadu-Gadu
[2012-04-07 21:52:30 | 000,000,000 | ---D | M] -- C:\Users\Pozostali\AppData\Roaming\uTorrent
[2012-07-31 17:14:57 | 000,001,072 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003Core.job
[2012-08-01 13:48:46 | 000,001,094 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003UA.job
[2012-04-04 15:27:54 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011-08-22 17:29:11 | 000,016,730 | ---- | M] () -- C:\AutoMapaSetupLog.txt
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012-08-02 10:06:17 | 1555,537,920 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-08-02 10:06:19 | 2074,054,656 | -HS- | M] () -- C:\pagefile.sys
[2012-08-01 23:10:23 | 000,000,380 | ---- | M] () -- C:\Start_.cmd
[2012-06-25 15:29:30 | 000,004,446 | ---- | M] () -- C:\STCAPI_traces_2012-06-25.log
[2012-06-25 14:51:41 | 000,000,036 | ---- | M] () -- C:\TraceInstPC.log
[2012-07-05 12:49:48 | 000,000,249 | ---- | M] () -- C:\user.js

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

[/log]

[log]
OTL Extras logfile created on: 2012-08-02 10:27:16 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mateusz\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 58,08% Memory free
3,86 Gb Paging File | 2,70 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,08 Gb Total Space | 26,53 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 175,92 Gb Total Space | 81,95 Gb Free Space | 46,58% Space Free | Partition Type: NTFS
Drive F: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive G: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
Drive H: | 624,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATEUSZ-NB | User Name: Mateusz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [ChomikBox.Upload] -- "C:\Program Files\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7B7598-88EA-4442-A54E-65EADCF06D97}" = ChomikBox
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_VISPROR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0054-0415-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Polish) 2007
"{90120000-0054-0415-0000-0000000FF1CE}_VISPROR_{F0302E0A-BDB9-449F-81B4-6A7557EE9C5C}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_VISPROR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{91C0B95B-B83A-4828-A775-BBE2DD421045}" = Nero 7 Ultra Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A18F0A9D-D67B-35D8-C041-067E5F2DF2F9}" = svBuilder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABB2B52E-D1C1-49F1-AF2D-863B4CB9E580}" = Oracle VM VirtualBox 3.2.12
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE0D4117-9AEB-4021-9903-5536500CF5E8}" = Pit Pro 2011
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE123-C491-4D8C-BC86-FDF604F00226}" = Broadcom Gigabit Integrated Controller
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"06330AEC489EF74CA815EB51EB0BFB271730A066" = Pakiet sterowników systemu Windows - ACTIA Automotive ACTIA USB Devices Driver Installation Media (06/16/2010 1.00.00)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Packet Tracer 5.3.2_is1" = Cisco Packet Tracer 5.3.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"doPDF 7 printer_is1" = doPDF 7.0 printer
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Elantech" = ETDWare PS/2-x86 7.0.6.5_WHQL
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.0
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Gadu-Gadu" = Gadu-Gadu 7.0
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HyperCam 2" = HyperCam 2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full
"LameACM" = LameACM
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MoorHunt_is1" = MoorHunt 0.6.7.2
"Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Packet Tracer 4.0_is1" = Packet Tracer 4.0
"PAP 4.0_is1" = PAP 4.0
"PAP project files_is1" = PAP project files
"PhotoFiltre" = PhotoFiltre
"RealAlt_is1" = Real Alternative 1.9.0
"Shop for HP Supplies" = Shop for HP Supplies
"svBuilder" = svBuilder
"SWiSH Max4" = SWiSH Max4
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V9.33
"uTorrent" = µTorrent
"VISPROR" = Microsoft Office Visio Professional 2007
"WebSite PRO_is1" = WebSite PRO 4.3
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"winscp3_is1" = WinSCP 4.3.7

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-03 07:25:47 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft
security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest
elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie
jest obsługiwane w tej wersji systemu Windows.

Error - 2012-07-04 11:15:06 | Computer Name = Mateusz-NB | Source = Google Update | ID = 20
Description =

Error - 2012-07-05 09:46:41 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft
security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest
elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie
jest obsługiwane w tej wersji systemu Windows.

Error - 2012-07-21 15:09:47 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe,
wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd:
NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod
wyjątku: 0xc0000005 Przesunięcie błędu: 0x001d1e33 Identyfikator procesu powodującego
błąd: 0x948 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6772b7c9ca97 Ścieżka
aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Ścieżka
modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
Identyfikator
raportu: a2ae11d4-d367-11e1-aa47-88ae1d7d00da

Error - 2012-07-22 07:12:29 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe,
wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd:
NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod
wyjątku: 0xc0000005 Przesunięcie błędu: 0x004923d1 Identyfikator procesu powodującego
błąd: 0xabc Godzina uruchomienia aplikacji powodującej błąd: 0x01cd67f9e8b456db Ścieżka
aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Ścieżka
modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
Identyfikator
raportu: 1f969857-d3ee-11e1-aa47-88ae1d7d00da

Error - 2012-07-24 16:13:36 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe,
wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd:
NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod
wyjątku: 0xc0000005 Przesunięcie błędu: 0x001d1e33 Identyfikator procesu powodującego
błąd: 0x2f4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd69d810fe0e2d Ścieżka
aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Ścieżka
modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
Identyfikator
raportu: 0c5cd0f4-d5cc-11e1-8e67-88ae1d7d00da

Error - 2012-07-25 05:01:36 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft
security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest
elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie
jest obsługiwane w tej wersji systemu Windows.

Error - 2012-07-26 16:31:19 | Computer Name = Mateusz-NB | Source = MsiInstaller | ID = 11704
Description =

Error - 2012-07-30 11:01:00 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Updater.exe, wersja: 5.10.1.44067,
sygnatura czasowa: 0x4fd0eef7 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x006b00c4
Identyfikator
procesu powodującego błąd: 0x1008 Godzina uruchomienia aplikacji powodującej błąd:
0x01cd6e5fd370ac09 Ścieżka aplikacji powodującej błąd: C:\Program Files\Skype\Updater\Updater.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: 5f3a8721-da57-11e1-81fe-88ae1d7d00da

Error - 2012-07-31 05:05:58 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft
security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest
elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie
jest obsługiwane w tej wersji systemu Windows.

[ System Events ]
Error - 2012-08-01 17:43:31 | Computer Name = Mateusz-NB | Source = Microsoft Antimalware | ID = 1119
Description = Program %%860 napotkał błąd krytyczny podczas podejmowania działania
związanego ze złośliwym lub innym potencjalnie niechcianym oprogramowaniem. Aby
uzyskać więcej informacji, patrz: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284

Nazwa:
Trojan:Win32/Sirefef.AH Identyfikator: 2147655284 Waga: Poważny Kategoria: Koń trojański

Ścieżka:
containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:580

Pochodzenie
wykrycia: %%845 Typ wykrycia: %%822 Źródło wykrycia: %%820 Użytkownik: ZARZĄDZANIE
NT\SYSTEM Nazwa procesu: C:\Windows\system32\services.exe Działanie: %%808 Stan działania:
No additional actions required Kod błędu: 0x800704ec Opis błędu: Ten program jest
blokowany przez zasady grupy. Aby uzyskać więcej informacji, skontaktuj się z administratorem
systemu. Wersja podpisu: AV: 1.131.1153.0, AS: 1.131.1153.0, NIS: 11.159.0.0 Wersja
aparatu: AM: 1.1.8601.0, NIS: 2.0.8001.0

Error - 2012-08-02 04:02:28 | Computer Name = Mateusz-NB | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 23:43:30 na ?2012-?08-?01 było
nieoczekiwane.

Error - 2012-08-02 04:02:32 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1060

Error - 2012-08-02 04:02:36 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1060

Error - 2012-08-02 04:03:08 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
wystąpił następujący błąd: %%-2147024891

Error - 2012-08-02 04:03:08 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów
odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%-2147024891

Error - 2012-08-02 04:06:27 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1060

Error - 2012-08-02 04:06:35 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący
błąd: %%1060

Error - 2012-08-02 04:07:03 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023
Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie;
wystąpił następujący błąd: %%-2147024891

Error - 2012-08-02 04:07:03 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów
odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%-2147024891


< End of report >

[/log]

Guest
comment

It worked for you because ComboFix was in action and it repaired the registry values, but this is not the end yet.

1. Run OTL and, in the [b]Własne opcje skanowania /skrypt[/b] (custom scan options / script) box,

paste

[code]
:OTL
O4 - HKLM..\Run: [] File not found
:Files
C:\Windows\Installer\{277a136f-0211-5ec0-e545-df8d5184cc37}\U\00000001.@
C:\Users\Pozostali\AppData\Local\{277a136f-0211-5ec0-e545-df8d5184cc37}\@
C:\Users\Mateusz\AppData\Roaming\Babylon
:Commands
[EMPTYTEMP]
[/code]

Click [b]Wykonaj skrypt[/b] (run script)

2. After the restart, click [b]Sprzątanie[/b] (cleanup)

3. Rebuild the firewall (mpsdrv + MpsSvc + shared access)
following these instructions:
http://www.fixitpc.pl/topic/6855-rekonstrukcja-zapory-systemu-windows/


4. Open Notepad and paste
[code]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library"="bitsperf.dll"
"Open"="PerfMon_Open"
"Collect"="PerfMon_Collect"
"Close"="PerfMon_Close"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:0000086c
"Last Counter"=dword:0000087c
"First Help"=dword:0000086d
"Last Help"=dword:0000087d
"Object List"="2156"
"PerfMMFileName"="Global\\MMF_BITS_s"
"1008"=hex(b):ed,6c,91,96,c4,35,cd,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00

[/code]

From Notepad's menu > Save as > change the file type to All files > name it fix.reg

Click Save, then right-click the file and choose Merge

Post new logs from FSS
