usiowyus, created August 1, 2012

Hello, I'm new here and I'm asking for help with a certain problem. I have a few viruses on my computer (Windows 7), and when I try to remove them with various scanners, an error pops up saying that the system has encountered a problem and will shut down in a minute, after which the computer restarts. The viruses are: trojan: Win32/Sirefef.AL; Sirefef.AQ; Sirefef.AH and Sirefef.R. As I wrote above, I can't remove them with any scanner. Please help me solve this problem. I'll paste the ComboFix log in a moment.
Guest, commented August 1, 2012

There's no need for ComboFix; we'll clean these trojans out manually.
Guest, commented August 1, 2012

You'll see. Just tell me which bit version of the system you have: 32-bit or 64-bit?
Guest, commented August 1, 2012

Download SystemLook: http://jpshortstuff.247fixes.com/SystemLook.exe

Paste this into the window:

[code]
:reg
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
:filefind
services.exe
[/code]

Click Look and show the report.
usiowyus (author), commented August 1, 2012

SystemLook 30.07.11 by jpshortstuff
Log created at 23:20 on 01/08/2012 by Mateusz
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
@="Microsoft WBEM New Event Subsystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="%systemroot%\system32\wbem\wbemess.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
@="MruPidlList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [09:19 01/08/2012] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
Guest, commented August 1, 2012

Give me the OTL logs, because I don't see the infection in these.

1. Start > type cmd in the search box > right-click it and choose Run as administrator. Paste the command:
sfc /scanfile=C:\Windows\system32\services.exe
Press Enter. Restart the system.

2. Start > type cmd in the search box > right-click it and choose Run as administrator. Paste the command:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfc.txt & start notepad sfc.txt
A log will open; attach it. (Save it to the desktop so you don't lose it during the remaining steps.)

3. Download Farbar Service Scanner: http://download.bleepingcomputer.com/farbar/FSS.exe
Tick all the boxes and click Scan.
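Added example, not part of the thread: a small Python parser for the `[SR]` lines that the `findstr` command in step 2 extracts from CBS.log, reporting which files SFC replaced from the component store and whether a reboot is still pending. The function names and the sample log are constructed for illustration; the "Cannot repair member file" line form is an assumption about SFC's output that does not appear in this thread.

```python
import re

# One System File Checker record in CBS.log:
#   <timestamp>, <level>  CSI  <8-hex sequence id> [SR] <message>
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+\w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')

# Repairing corrupted file [ml:..]"\??\<dir>"\[l:..]"<name>" from store
REPAIRING = re.compile(
    r'Repairing corrupted file \[[^\]]*\]"\\\?\?\\(?P<dir>[^"]+)"'
    r'\\\[[^\]]*\]"(?P<name>[^"]+)"')

# Assumed form of the line SFC writes when the store copy is unusable.
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<name>[^"]+)"')

# Constructed sample in the CBS.log format (not copied from a real machine).
SAMPLE_CBS_LOG = r'''
2012-01-01 09:00:00, Info   CSI    00000009 [SR] Verifying 1 components
2012-01-01 09:00:00, Info   CSI    0000000a [SR] Beginning Verify and Repair transaction
2012-01-01 09:00:03, Info   CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-01-01 09:00:03, Info   CSI    0000000d Unrelated servicing line without the SR tag
2012-01-01 09:00:04, Info   CSI    00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-01-01 09:00:04, Info   CSI    00000014 [SR] Repair complete
2012-01-01 09:00:04, Info   CSI    00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-01-01 09:00:05, Info   CSI    0000001b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
'''


def summarize_sfc(text):
    """Collect repaired files, unrepairable files and the reboot flag."""
    repaired, unrepairable = [], []
    reboot_required = False
    sr_lines = 0
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue  # not an [SR] record
        sr_lines += 1
        msg = m.group("msg")
        hit = REPAIRING.search(msg)
        if hit:
            # SFC logs the same file once per pass; report it only once.
            path = hit.group("dir") + "\\" + hit.group("name")
            if path not in repaired:
                repaired.append(path)
            continue
        hit = CANNOT_REPAIR.search(msg)
        if hit:
            if hit.group("name") not in unrepairable:
                unrepairable.append(hit.group("name"))
            continue
        if "reboot is required" in msg.lower():
            reboot_required = True
    return {
        "sr_lines": sr_lines,
        "repaired": repaired,
        "unrepairable": unrepairable,
        "reboot_required": reboot_required,
    }


def verdict(summary):
    """Turn the summary into the next action for the person doing the cleanup."""
    if summary["unrepairable"]:
        return "manual-repair-needed"
    if summary["reboot_required"]:
        return "reboot-then-rescan"
    if summary["repaired"]:
        return "repaired"
    return "no-integrity-violations-logged"


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS_LOG)
    print(result)
    print(verdict(result))
```

A replaced system binary such as services.exe is evidence that the file had been modified, so a "repaired" result calls for a follow-up scan rather than closing the case.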
usiowyus (author), commented August 2, 2012 (edited)

FSS log:

[log]
Farbar Service Scanner Version: 26-07-2012
Ran by Mateusz (administrator) on 02-08-2012 at 10:13:06
Running from "C:\Users\Mateusz\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
[/log]

File generated by CMD:

[log]
2012-08-02 10:05:12, Info CSI 00000009 [SR] Verifying 1 components
2012-08-02 10:05:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:15, Info CSI 0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:15, Info CSI 0000000e [SR] Verify complete
2012-08-02 10:05:15, Info CSI 0000000f [SR] Repairing 1 components
2012-08-02 10:05:15, Info CSI 00000010 [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:15, Info CSI 00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:16, Info CSI 00000014 [SR] Repair complete
2012-08-02 10:05:16, Info CSI 00000015 [SR] Committing transaction
2012-08-02 10:05:16, Info CSI 00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-08-02 10:05:16, Info CSI 0000001a [SR] Repairing 1 components
2012-08-02 10:05:16, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-08-02 10:05:16, Info CSI 0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-02 10:05:16, Info CSI 0000001f [SR] Repair complete
[/log]

I can't open OTL because an error pops up; as soon as I sort that out I'll paste the log.

I don't know if it's a coincidence, but it looks like the viruses have been removed, because my antivirus no longer shows them. To be sure, I'm pasting the OTL log.
[log] OTL logfile created on: 2012-08-02 10:27:15 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mateusz\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,93 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 58,08% Memory free 3,86 Gb Paging File | 2,70 Gb Available in Paging File | 69,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,08 Gb Total Space | 26,53 Gb Free Space | 30,12% Space Free | Partition Type: NTFS Drive D: | 175,92 Gb Total Space | 81,95 Gb Free Space | 46,58% Space Free | Partition Type: NTFS Drive F: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS Drive G: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,24% Space Free | Partition Type: NTFS Drive H: | 624,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MATEUSZ-NB | User Name: Mateusz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-08-02 10:24:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mateusz\Downloads\OTL(1).exe PRC - [2012-07-27 00:10:37 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe PRC - [2012-07-19 18:25:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-07-19 18:24:58 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2012-03-11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2012-03-11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2011-11-17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2011-06-24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011-06-15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011-05-04 06:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011-03-28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011-03-28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
-- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2010-11-20 14:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2010-11-20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2010-07-06 18:30:12 | 009,394,792 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010-06-15 12:14:56 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-06-15 12:14:52 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-06-15 12:14:50 | 000,151,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-06-15 12:14:38 | 000,174,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-04-13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe PRC - [2009-07-14 03:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-07-03 11:56:54 | 001,527,893 | ---- | M] (The Firebird Project) -- C:\AWRoot\bin\lib\firebird\bin\fbserver.exe PRC - [2008-07-03 11:56:54 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\AWRoot\bin\lib\firebird\bin\fbguard.exe PRC - [2006-01-20 13:21:03 | 002,408,448 | ---- | M] (Gadu-Gadu Sp. z oo) -- C:\Program Files\Gadu-Gadu\gg.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-27 00:10:36 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll MOD - [2012-07-19 18:24:59 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011-05-22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2006-09-14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2005-05-24 17:46:33 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll MOD - [2005-05-24 17:45:44 | 000,405,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll MOD - [2005-05-24 17:45:43 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll MOD - [2005-05-24 17:45:43 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll MOD - [2005-05-24 17:45:42 | 000,036,864 | ---- | M] () -- C:\Program Files\Gadu-Gadu\Crypto.dll [color=#E56717]========== Win32 Services 
(SafeList) ==========[/color] SRV - [2012-07-27 00:10:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-19 18:25:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-03-11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011-04-27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011-04-27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011-04-12 19:06:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-07-06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010-05-25 17:45:34 | 000,038,560 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010-04-13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - 
[2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-07-03 11:56:54 | 001,527,893 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\AWRoot\bin\lib\firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2008-07-03 11:56:54 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\AWRoot\bin\lib\firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012-03-11 21:13:38 | 000,039,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012-03-11 21:13:36 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012-03-02 19:20:36 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2012-02-03 19:27:48 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2011-07-29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011-07-29 13:54:56 | 000,008,456 | 
---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011-04-27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011-04-18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010-12-01 13:44:16 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010-12-01 13:44:12 | 000,143,248 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010-12-01 13:44:12 | 000,111,504 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010-12-01 13:44:12 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010-12-01 13:44:12 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-05-6 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2008-03-13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2007-01-29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url] IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url] IE - 
HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://search.babylon.com/?q=%7BsearchTerms%7D&affID=110819&tt=010712_5&babsrc=SP_ss&mntrId=58589e4c00000000000088ae1d7d00da"]http://search.babylo...00088ae1d7d00da[/url] IE - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-12 16:54:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-19 18:25:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-10-08 11:50:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-12 16:54:33 | 000,000,000 | ---D | M] [2012-02-29 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions [2012-02-29 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa78} [2012-08-01 22:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions [2012-08-01 22:38:24 | 000,000,000 | ---D | M] ("Giant Savings") 
-- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions\crossriderapp4479@crossrider.com [2011-05-11 16:09:03 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Mateusz\AppData\Roaming\mozilla\Firefox\Profiles\hhtazr1n.default\extensions\DefaultManager@Microsoft [2012-05-06 20:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-04-05 10:36:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-07-19 18:25:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-07-27 21:06:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-09-14 14:28:19 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-07-05 12:49:35 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011-09-14 14:28:19 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-09-14 14:28:19 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-09-14 14:28:19 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-09-14 14:28:19 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-09-14 14:28:19 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - 
default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: [url="http://search.babylon.com/?affID=110819&tt=010712_5&babsrc=HP_ss&mntrId=58589e4c00000000000088ae1d7d00da"]http://search.babylo...00088ae1d7d00da[/url] CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft 
Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Skype Click to Call = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Psa DDC SingleSignOn BHO) - {CFCCB454-80CF-481f-B50A-29112EBB0F85} - C:\APP\ddc\bin\DdcSingleSignOnBHOu.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo) O4 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object) O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E03657D-DD30-443F-A942-F68F54B6DEE7}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC838DB3-EC48-429F-98AD-5715FFACB3D2}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC838DB3-EC48-429F-98AD-5715FFACB3D2}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFEF7C54-9281-4263-BA01-E745A0A66BCB}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011-08-22 17:29:11 | 000,016,730 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2001-10-26 18:12:38 | 000,000,112 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) 
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AthBtTray[/b] - hkey= - key= - C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) MsConfig - StartUpReg: [b]AtherosBtStack[/b] - hkey= - key= - C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}[/b] - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: [b]ChomikBox[/b] - hkey= - key= - C:\Program Files\ChomikBox\chomikbox.exe ( ) MsConfig - StartUpReg: [b]ediagStart[/b] - hkey= - key= - C:\APP\ediag\eDiagStart.lnk () MsConfig - StartUpReg: [b]ETDWare[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Facebook Update[/b] - hkey= - key= - C:\Users\Pozostali\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. 
z oo) MsConfig - StartUpReg: [b]Gadwin PrintScreen[/b] - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig - StartUpReg: [b]IAStorIcon[/b] - hkey= - key= - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: [b]Nowe Gadu-Gadu[/b] - hkey= - key= - C:\Program Files\Nowe Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) MsConfig - StartUpReg: [b]PPDiag Client Service[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]psastart[/b] - hkey= - key= - C:\APP\ddc\bin\psastart.exe () MsConfig - StartUpReg: [b]SIM[/b] - hkey= - key= - C:\APP\SIM\SIMBat.lnk () MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]uTorrent[/b] - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SharedAccess - File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} 
- Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-08-01 23:10:22 | 000,000,000 | ---D | C] -- C:\ComboFix_www.INSTALKI.pl [2012-08-01 23:08:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-08-01 23:05:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-08-01 23:05:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012-08-01 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\HPAppData [2012-08-01 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012-08-01 10:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2012-08-01 10:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF857AEB261DB3555CF6E56C3443 [2012-07-31 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF857AEB261DB3555CF6F875EF7E [2012-07-30 20:58:04 | 000,000,000 | ---D | C] -- 
C:\Users\Mateusz\AppData\Local\{C2B7C2E7-3697-4B14-B985-9208000C0E2F} [2012-07-30 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{018F3C81-D8B6-4031-8F77-81FF8707BB53} [2012-07-27 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{33CE264E-315A-43F3-BCA6-FCE9AA9730F4} [2012-07-27 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{984F3EBE-4E96-42D4-86EC-B913F7E70409} [2012-07-26 18:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\aktualne zdjęcia na stronę [2012-07-26 13:54:39 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\Nowy folder [2012-07-26 12:44:44 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini [2012-07-26 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{69D29DEA-1C7F-49BF-92B7-AE9524F2ADD9} [2012-07-26 12:44:30 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{DDF4BE79-1277-4371-A1CC-26B4678759E6} [2012-07-26 12:35:55 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\Desktop\posortowane [2012-07-25 16:38:57 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{9292D1CC-81FF-448A-9F7F-0C338000635F} [2012-07-25 16:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA [2012-07-25 16:20:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2012-07-25 16:19:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012-07-25 16:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012-07-25 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2012-07-24 17:21:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{D5A917EC-F89C-412E-A268-5BC497B0CB35} [2012-07-24 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1ABE458D-77C2-44DF-85E4-942870D84C4E} [2012-07-23 16:58:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F45E00AF-E622-4096-97F8-759F54F78EA2} [2012-07-21 12:50:15 | 000,000,000 | ---D | C] -- 
C:\Users\Mateusz\AppData\Local\{F5D0B233-38F4-47C0-9BA3-7F699C051738} [2012-07-17 16:18:48 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{46971AA4-B732-4882-9FF5-0D65D39605B3} [2012-07-17 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{91A9C260-84FD-44DE-847C-FB0AA2BAC60A} [2012-07-10 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{077C8DDD-BB91-4C62-B28D-31E5A8312EE1} [2012-07-10 13:38:11 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{4D6FE1AE-B495-4D42-98D1-0514A28FD1D5} [2012-07-08 11:05:04 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2012-07-08 11:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2 [2012-07-06 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A216628A-555A-4ADB-BFB9-7DE1BC5AA398} [2012-07-05 14:12:20 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Ahead [2012-07-05 14:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition [2012-07-05 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Ahead [2012-07-05 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2012-07-05 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead [2012-07-05 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\.gstreamer-0.10 [2012-07-05 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\ChomikBox [2012-07-05 12:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chomikuj.pl [2012-07-05 12:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox [2012-07-05 12:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager [2012-07-05 12:49:34 | 000,000,000 | ---D | C] -- 
C:\Users\Mateusz\AppData\Local\Giant Savings [2012-07-05 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Roaming\Babylon [2012-07-05 12:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012-07-05 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{5ABC51B6-1A54-4D8D-B118-A479EF1AD822} [2012-07-05 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{52B78271-69C4-4709-B89E-FE9FCE8FD257} [2012-07-04 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{89C099DC-9303-4923-9680-24262E9BE538} [2012-07-04 11:40:04 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0B927405-0BA0-4599-924D-193181818CD7} [2012-07-04 11:39:52 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{665C816A-D398-4096-88C3-6AD67EE19273} [2012-07-03 22:58:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{33AFDBDE-E7A0-4A98-B867-7283464980C9} [2012-07-03 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{8EFE08AC-3AF3-479A-99B9-EB8C28969C1B} [2012-07-01 23:05:00 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{7D170B7C-2BB1-4011-84F6-49BC3184D30A} [2012-07-01 23:04:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{28432597-DA53-4135-AE06-7F759C4CD738} [2012-06-29 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{60E9BA7F-7A9C-4C4B-B756-EE962DD9381C} [2012-06-29 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{54DF7837-32BC-439C-A40D-90E2C90E3D5A} [2012-06-28 20:56:25 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{2E3D969C-7874-4D95-A6CF-FEA1DC329B17} [2012-06-28 20:56:13 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{231CBFC8-FAB0-4133-81C4-29F7BEE6430B} [2012-06-26 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{44AA649E-83C0-48A0-B380-6454121E69FE} [2012-06-25 14:22:48 | 000,000,000 | ---D | C] -- C:\oud [2012-06-25 14:13:53 | 000,000,000 | ---D | C] -- 
C:\CDTELE [2012-06-25 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiagBox [2012-06-25 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\DiagBox [2012-06-25 14:00:10 | 000,000,000 | ---D | C] -- C:\TMP [2012-06-25 14:00:07 | 000,000,000 | ---D | C] -- C:\dual [2012-06-25 13:54:57 | 000,000,000 | ---D | C] -- C:\AWRoot [2012-06-25 13:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wifi [2012-06-25 13:53:36 | 000,000,000 | ---D | C] -- C:\APP [2012-06-25 13:53:34 | 000,000,000 | ---D | C] -- C:\Backup_DB [2012-06-25 13:50:13 | 000,000,000 | ---D | C] -- C:\TEMP [2012-06-25 09:42:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{8D4BBD55-5054-4105-929D-221D75A0DF70} [2012-06-25 09:42:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A276CE86-BFD9-4AE6-8A6F-0EBA19EF8E98} [2012-06-22 23:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.1 Home Edition [2012-06-22 23:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS [2012-06-22 12:07:11 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{569608A0-0948-44A6-B61B-6EDCE67E7914} [2012-06-22 12:06:59 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{EADB8842-2BE2-49EE-8BA7-604E9412C3E5} [2012-06-22 11:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B000CD1BB00650256B4EB238B [2012-06-21 09:46:58 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{67D85563-86EB-429E-80B8-C111AAA498ED} [2012-06-21 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{104E9360-2803-432A-A003-41AE47312463} [2012-06-21 09:45:55 | 000,000,000 | ---D | C] -- C:\Windows\pl [2012-06-20 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1966F075-0A34-4CD0-974E-CA9CFF7962A8} [2012-06-20 18:59:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{89B03D46-7D7E-4701-B511-0ED70F87A36B} 
[2012-06-19 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0EE4730F-C5AE-4493-BFD4-338BE9BD9237} [2012-06-19 14:30:28 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{96BD2922-8AE3-48D9-BC71-C31A36381082} [2012-06-18 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{1C64AD44-79A8-4CEE-876F-D865F42EB02C} [2012-06-17 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F0FB06BB-8C95-4A46-BDB9-6FCE58CA05CB} [2012-06-15 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{AD160075-986B-4441-893F-91ACD0C6C860} [2012-06-13 18:39:08 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{D47CED42-1735-4DC3-96B1-29530D503664} [2012-06-12 17:45:10 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A75F074F-9D12-48D8-BDDA-9A7AC66599B4} [2012-06-12 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{F3B8AE4F-8058-4818-B0DE-632AAC291392} [2012-06-12 13:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{64B14A30-6C34-4BDD-910B-C57834A345A1} [2012-06-12 13:46:15 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{A740D7E5-2520-4323-98A2-8B0453A45E9E} [2012-06-11 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{505683AD-9B1E-407D-91F7-3F82740DC180} [2012-06-11 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{B5F5ACDC-3B01-4B60-A734-79309C99C87E} [2012-06-11 07:12:38 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\Macromedia [2012-06-09 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{DC845453-9DC9-4557-9286-D9FA4226DFBD} [2012-06-09 21:40:19 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{3AEC604A-67ED-4716-B50D-87A9B61D56B6} [2012-06-05 22:53:02 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{0F8CB800-71C0-4F16-834E-10CB9559C5C6} [2012-06-05 22:52:50 | 000,000,000 | ---D | C] -- 
C:\Users\Mateusz\AppData\Local\{CACEE97A-17F5-49D0-9BE7-E592EABB2530} [2012-06-04 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{85EB7DB0-2B6E-41FB-B964-DA061E8533FB} [2012-06-04 20:11:45 | 000,000,000 | ---D | C] -- C:\Users\Mateusz\AppData\Local\{B1526651-676D-472C-AADF-D1A870DF76E2} [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-08-02 10:13:38 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-08-02 10:13:38 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-08-02 10:10:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-08-02 10:07:53 | 000,000,000 | ---- | M] () -- C:\Users\Mateusz\sfc.tx [2012-08-02 10:06:36 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-08-02 10:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-08-02 10:06:17 | 1555,537,920 | -HS- | M] () -- C:\hiberfil.sys [2012-08-01 23:10:23 | 000,000,380 | ---- | M] () -- C:\Start_.cmd [2012-08-01 22:55:28 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-08-01 22:55:27 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-08-01 13:48:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003UA.job [2012-08-01 10:49:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012-08-01 10:49:41 | 000,705,036 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-08-01 10:49:41 | 000,621,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-08-01 10:49:41 | 000,137,962 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-08-01 10:49:41 | 000,108,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-08-01 10:46:58 | 000,001,846 | ---- | M] () 
-- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012-08-01 00:12:40 | 000,000,600 | ---- | M] () -- C:\Users\Mateusz\AppData\Roaming\winscp.rnd
[2012-07-31 17:14:57 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003Core.job
[2012-07-26 12:44:33 | 008,680,717 | ---- | M] () -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini.rar
[2012-07-25 16:19:47 | 329,207,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-07-08 11:06:39 | 046,534,438 | ---- | M] () -- C:\Users\Mateusz\Documents\clip0002.avi
[2012-07-08 11:05:50 | 002,039,436 | ---- | M] () -- C:\Users\Mateusz\Documents\clip0001.avi
[2012-07-05 14:10:13 | 000,002,754 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-07-05 12:59:07 | 000,000,632 | ---- | M] () -- C:\Users\Public\Desktop\ChomikBox.lnk
[2012-07-05 12:51:40 | 000,002,061 | ---- | M] () -- C:\Users\Mateusz\Desktop\JDownloader.lnk
[2012-07-05 12:49:48 | 000,000,249 | ---- | M] () -- C:\user.js
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-06-25 14:00:22 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\DiagBox.lnk
[2012-06-23 14:33:10 | 000,001,414 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012-06-22 23:18:14 | 000,001,430 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-08-02 10:07:53 | 000,000,000 | ---- | C] () -- C:\Users\Mateusz\sfc.tx
[2012-08-01 23:12:11 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{277a136f-0211-5ec0-e545-df8d5184cc37}\U\00000001.@
[2012-08-01 23:10:23 | 000,000,380 | ---- | C] () -- C:\Start_.cmd
[2012-08-01 10:49:37 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-08-01 10:46:58 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012-07-26 22:44:54 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012-07-26 12:44:35 | 008,680,717 | ---- | C] () -- C:\Users\Mateusz\Desktop\Dekoracje Rożnowice 21.07.2012 mini.rar
[2012-07-25 16:19:47 | 329,207,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-07-08 11:06:18 | 046,534,438 | ---- | C] () -- C:\Users\Mateusz\Documents\clip0002.avi
[2012-07-08 11:05:42 | 002,039,436 | ---- | C] () -- C:\Users\Mateusz\Documents\clip0001.avi
[2012-07-05 14:10:13 | 000,002,754 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-07-05 12:59:07 | 000,000,632 | ---- | C] () -- C:\Users\Public\Desktop\ChomikBox.lnk
[2012-07-05 12:51:40 | 000,002,061 | ---- | C] () -- C:\Users\Mateusz\Desktop\JDownloader.lnk
[2012-07-05 12:51:38 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012-07-05 12:51:38 | 000,001,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012-07-05 12:51:37 | 000,001,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012-07-05 12:49:47 | 000,000,249 | ---- | C] () -- C:\user.js
[2012-06-25 14:27:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012-06-25 14:00:22 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\DiagBox.lnk
[2012-06-23 14:32:30 | 000,001,414 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012-06-22 23:18:14 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012-06-22 23:18:14 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012-06-22 23:18:14 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012-06-22 23:18:14 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012-06-22 23:18:14 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012-06-22 23:18:14 | 000,001,430 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk
[2012-05-17 18:02:36 | 000,000,132 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG
[2012-05-16 18:51:11 | 000,000,600 | ---- | C] () -- C:\Users\Mateusz\AppData\Roaming\winscp.rnd
[2012-01-11 16:49:55 | 000,002,048 | -HS- | C] () -- C:\Users\Pozostali\AppData\Local\{277a136f-0211-5ec0-e545-df8d5184cc37}\@
[2011-10-08 11:50:09 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-04-18 09:55:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-16 22:28:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-04-14 11:56:19 | 000,000,180 | ---- | C] () -- C:\Users\Mateusz\.packettracer
[2011-04-13 21:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-04-12 16:43:45 | 000,211,151 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011-04-12 16:43:45 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011-04-11 21:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011-04-11 21:43:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011-04-11 21:42:37 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011-04-11 21:42:37 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011-04-11 21:42:36 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011-04-11 21:42:36 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011-04-11 21:42:36 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011-04-11 20:55:17 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011-04-11 20:55:17 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011-04-11 20:55:17 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011-04-11 20:55:17 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011-04-11 20:55:17 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011-04-11 20:55:17 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011-04-11 20:37:43 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-04-11 20:37:35 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011-04-11 20:37:35 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-04-11 20:37:35 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-04-11 20:37:31 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[color=#E56717]========== LOP Check ==========[/color]
[2012-02-29 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Actia
[2012-07-05 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Babylon
[2011-04-12 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Dev-Cpp
[2011-09-25 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\FileZilla
[2011-04-15 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Free Monitor for Google
[2011-09-25 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\GHISLER
[2012-05-16 20:38:55 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\IrfanView
[2012-06-01 22:29:57 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Mikrotik
[2011-09-21 19:15:33 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Nowe Gadu-Gadu
[2011-04-12 18:02:42 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Softland
[2012-05-17 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-05-16 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\svBuilder
[2012-05-07 09:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\SWiSH Max4
[2011-04-11 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\TeamViewer
[2012-01-15 22:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\uTorrent
[2011-05-05 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Mateusz\AppData\Roaming\Windows Live Writer
[2011-10-07 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Pozostali\AppData\Roaming\Nowe Gadu-Gadu
[2012-04-07 21:52:30 | 000,000,000 | ---D | M] -- C:\Users\Pozostali\AppData\Roaming\uTorrent
[2012-07-31 17:14:57 | 000,001,072 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003Core.job
[2012-08-01 13:48:46 | 000,001,094 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944944328-2395158993-1232275954-1003UA.job
[2012-04-04 15:27:54 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011-08-22 17:29:11 | 000,016,730 | ---- | M] () -- C:\AutoMapaSetupLog.txt
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012-08-02 10:06:17 | 1555,537,920 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012-06-25 14:27:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012-08-02 10:06:19 | 2074,054,656 | -HS- | M] () -- C:\pagefile.sys
[2012-08-01 23:10:23 | 000,000,380 | ---- | M] () -- C:\Start_.cmd
[2012-06-25 15:29:30 | 000,004,446 | ---- | M] () -- C:\STCAPI_traces_2012-06-25.log
[2012-06-25 14:51:41 | 000,000,036 | ---- | M] () -- C:\TraceInstPC.log
[2012-07-05 12:49:48 | 000,000,249 | ---- | M] () -- C:\user.js

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >
[/log]
[log]
OTL Extras logfile created on: 2012-08-02 10:27:16 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mateusz\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 58,08% Memory free
3,86 Gb Paging File | 2,70 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,08 Gb Total Space | 26,53 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 175,92 Gb Total Space | 81,95 Gb Free Space | 46,58% Space Free | Partition Type: NTFS
Drive F: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive G: | 9,76 Gb Total Space | 9,69 Gb Free Space | 99,24% Space Free | Partition Type: NTFS
Drive H: | 624,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATEUSZ-NB | User Name: Mateusz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2944944328-2395158993-1232275954-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [ChomikBox.Upload] -- "C:\Program Files\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}" = TP-LINK Wireless Client Utility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43592B2E-C393-433F-8D0E-5A4B15A8C786}" = Microsoft Antimalware Service PL-PL Language Pack
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7B7598-88EA-4442-A54E-65EADCF06D97}" = ChomikBox
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client PL-PL Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6905AAF7-2EEA-4BC0-A429-9A6FB75D57BF}" = Windows Live Family Safety
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_VISPROR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0054-0415-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Polish) 2007
"{90120000-0054-0415-0000-0000000FF1CE}_VISPROR_{F0302E0A-BDB9-449F-81B4-6A7557EE9C5C}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_VISPROR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROPLUS_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}_Office14.PROPLUS_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}_Office14.PROPLUS_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{91C0B95B-B83A-4828-A775-BBE2DD421045}" = Nero 7 Ultra Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A18F0A9D-D67B-35D8-C041-067E5F2DF2F9}" = svBuilder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABB2B52E-D1C1-49F1-AF2D-863B4CB9E580}" = Oracle VM VirtualBox 3.2.12
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE0D4117-9AEB-4021-9903-5536500CF5E8}" = Pit Pro 2011
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE123-C491-4D8C-BC86-FDF604F00226}" = Broadcom Gigabit Integrated Controller
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"06330AEC489EF74CA815EB51EB0BFB271730A066" = Pakiet sterowników systemu Windows - ACTIA Automotive ACTIA USB Devices Driver Installation Media (06/16/2010 1.00.00)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Packet Tracer 5.3.2_is1" = Cisco Packet Tracer 5.3.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"doPDF 7 printer_is1" = doPDF 7.0 printer
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Elantech" = ETDWare PS/2-x86 7.0.6.5_WHQL
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.0
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Gadu-Gadu" = Gadu-Gadu 7.0
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HyperCam 2" = HyperCam 2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full
"LameACM" = LameACM
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MoorHunt_is1" = MoorHunt 0.6.7.2
"Mozilla Firefox 14.0.1 (x86 pl)" = Mozilla Firefox 14.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Packet Tracer 4.0_is1" = Packet Tracer 4.0
"PAP 4.0_is1" = PAP 4.0
"PAP project files_is1" = PAP project files
"PhotoFiltre" = PhotoFiltre
"RealAlt_is1" = Real Alternative 1.9.0
"Shop for HP Supplies" = Shop for HP Supplies
"svBuilder" = svBuilder
"SWiSH Max4" = SWiSH Max4
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V9.33
"uTorrent" = µTorrent
"VISPROR" = Microsoft Office Visio Professional 2007
"WebSite PRO_is1" = WebSite PRO 4.3
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"winscp3_is1" = WinSCP 4.3.7

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-03 07:25:47 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie jest obsługiwane w tej wersji systemu Windows.

Error - 2012-07-04 11:15:06 | Computer Name = Mateusz-NB | Source = Google Update | ID = 20
Description =

Error - 2012-07-05 09:46:41 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie jest obsługiwane w tej wersji systemu Windows.

Error - 2012-07-21 15:09:47 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd: NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001d1e33 Identyfikator procesu powodującego błąd: 0x948 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6772b7c9ca97 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll Identyfikator raportu: a2ae11d4-d367-11e1-aa47-88ae1d7d00da

Error - 2012-07-22 07:12:29 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd: NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x004923d1 Identyfikator procesu powodującego błąd: 0xabc Godzina uruchomienia aplikacji powodującej błąd: 0x01cd67f9e8b456db Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll Identyfikator raportu: 1f969857-d3ee-11e1-aa47-88ae1d7d00da

Error - 2012-07-24 16:13:36 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_3_300_265.exe, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd5ac Nazwa modułu powodującego błąd: NPSWF32_11_3_300_265.dll, wersja: 11.3.300.265, sygnatura czasowa: 0x4febd798 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x001d1e33 Identyfikator procesu powodującego błąd: 0x2f4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd69d810fe0e2d Ścieżka aplikacji powodującej błąd: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll Identyfikator raportu: 0c5cd0f4-d5cc-11e1-8e67-88ae1d7d00da

Error - 2012-07-25 05:01:36 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie jest obsługiwane w tej wersji systemu Windows.
Error - 2012-07-26 16:31:19 | Computer Name = Mateusz-NB | Source = MsiInstaller | ID = 11704 Description = Error - 2012-07-30 11:01:00 | Computer Name = Mateusz-NB | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Updater.exe, wersja: 5.10.1.44067, sygnatura czasowa: 0x4fd0eef7 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x006b00c4 Identyfikator procesu powodującego błąd: 0x1008 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd6e5fd370ac09 Ścieżka aplikacji powodującej błąd: C:\Program Files\Skype\Updater\Updater.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 5f3a8721-da57-11e1-81fe-88ae1d7d00da Error - 2012-07-31 05:05:58 | Computer Name = Mateusz-NB | Source = SideBySide | ID = 16842824 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\microsoft security client\MSESysprep.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\microsoft security client\MSESysprep.dll" w wierszu 10. Element imaging jest elementem podrzędnym elementu urn:schemas-microsoft-com:asm.v1^assembly, co nie jest obsługiwane w tej wersji systemu Windows. [ System Events ] Error - 2012-08-01 17:43:31 | Computer Name = Mateusz-NB | Source = Microsoft Antimalware | ID = 1119 Description = Program %%860 napotkał błąd krytyczny podczas podejmowania działania związanego ze złośliwym lub innym potencjalnie niechcianym oprogramowaniem. 
Aby uzyskać więcej informacji, patrz: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Nazwa: Trojan:Win32/Sirefef.AH Identyfikator: 2147655284 Waga: Poważny Kategoria: Koń trojański Ścieżka: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:580 Pochodzenie wykrycia: %%845 Typ wykrycia: %%822 Źródło wykrycia: %%820 Użytkownik: ZARZĄDZANIE NT\SYSTEM Nazwa procesu: C:\Windows\system32\services.exe Działanie: %%808 Stan działania: No additional actions required Kod błędu: 0x800704ec Opis błędu: Ten program jest blokowany przez zasady grupy. Aby uzyskać więcej informacji, skontaktuj się z administratorem systemu. Wersja podpisu: AV: 1.131.1153.0, AS: 1.131.1153.0, NIS: 11.159.0.0 Wersja aparatu: AM: 1.1.8601.0, NIS: 2.0.8001.0 Error - 2012-08-02 04:02:28 | Computer Name = Mateusz-NB | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 23:43:30 na ?2012-?08-?01 było nieoczekiwane. 
Error - 2012-08-02 04:02:32 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1060 Error - 2012-08-02 04:02:36 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1060 Error - 2012-08-02 04:03:08 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147024891 Error - 2012-08-02 04:03:08 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%-2147024891 Error - 2012-08-02 04:06:27 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1060 Error - 2012-08-02 04:06:35 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1060 Error - 2012-08-02 04:07:03 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7023 Description = Usługa Publikacja zasobów odnajdowania funkcji zakończyła działanie; wystąpił następujący błąd: %%-2147024891 Error - 2012-08-02 04:07:03 | Computer Name = Mateusz-NB | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Publikacja zasobów odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%-2147024891 < End of report > [/log]
Guest commented on 2 August 2012

It worked for you because ComboFix was in action and it repaired the registry values, but this is not the end yet.

1. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] box:
[code]
:OTL
O4 - HKLM..\Run: [] File not found

:Files
C:\Windows\Installer\{277a136f-0211-5ec0-e545-df8d5184cc37}\U\00000001.@
C:\Users\Pozostali\AppData\Local\{277a136f-0211-5ec0-e545-df8d5184cc37}\@
C:\Users\Mateusz\AppData\Roaming\Babylon

:Commands
[EMPTYTEMP]
[/code]
Click [b]Run Fix[/b].

2. After the restart, click [b]CleanUp[/b].

3. Rebuild the firewall (mpsdrv + MpsSvc + shared access) following this guide: http://www.fixitpc.pl/topic/6855-rekonstrukcja-zapory-systemu-windows/

4. Open Notepad and paste:
[code]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library"="bitsperf.dll"
"Open"="PerfMon_Open"
"Collect"="PerfMon_Collect"
"Close"="PerfMon_Close"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:0000086c
"Last Counter"=dword:0000087c
"First Help"=dword:0000086d
"Last Help"=dword:0000087d
"Object List"="2156"
"PerfMMFileName"="Global\\MMF_BITS_s"
"1008"=hex(b):ed,6c,91,96,c4,35,cd,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00
[/code]
From the Notepad menu choose Save As, change the file type to All Files and name the file fix.reg. Click Save, then right-click the file and choose Merge.

Post new logs from FSS.